[DSE-Dev] Bug#1068601: is this really a bug?
Russell Coker
russell at coker.com.au
Sat Jan 11 08:37:58 GMT 2025
The program dpkg is very important to Debian, but an unusual mount option
(nosuid for /var) isn't so important.
You have found a workaround for your issue.
The possibilities for this moving forward are:
1) I could change the policy to allow this unconditionally for dpkg and the
few other programs that might hit the same situation (boinc is one example).
2) Add a boolean for this. This still requires some manual interaction but
would be easier.
3) Just declare it not a bug and something that people can customise for
themselves. A non-suid /var is not something that happens accidentally or
easily and the SE Linux policy change probably isn't the most difficult part
of changing this.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
More information about the SELinux-devel
mailing list