tags 679641 patch
thanks

I developed the attached patch for dpkg based on the advice of Stephen Smalley <s...@tycho.nsa.gov> which is based on code used in Fedora and RHEL to address the same issue.

http://www.spinics.net/lists/selinux/msg12460.html

The archive of the discussion on the SE Linux mailing list is at the above URL.

I guess it's too late for this to go in Wheezy. But can it be put on the list for the first update to Wheezy?

As an aside, even if mcstransd would never fail, this change would still make dpkg slightly faster, so it would be a good thing to do anyway.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

diff -ru dpkg-1.16.4.3.orig/src/archives.c dpkg-1.16.4.3/src/archives.c --- dpkg-1.16.4.3.orig/src/archives.c 2012-06-14 15:12:34.000000000 +1000 +++ dpkg-1.16.4.3/src/archives.c 2012-06-30 22:23:41.000000000 +1000 @@ -472,7 +472,11 @@ /* Set selinux_enabled if it is not already set (singleton). */ if (selinux_enabled < 0) + { selinux_enabled = (is_selinux_enabled() > 0); + if(selinux_enabled) + set_matchpathcon_flags(MATCHPATHCON_NOTRANS); + } /* If SE Linux is not enabled just do nothing. */ if (!selinux_enabled) @@ -488,7 +492,7 @@ return; if (strcmp(scontext, "<<none>>") != 0) { - if (lsetfilecon(path, scontext) < 0) + if (lsetfilecon_raw(path, scontext) < 0) /* XXX: This might need to be fatal instead!? */ perror("Error setting security context for next file object:"); }
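
Review bot: In the first hunk (@@ -472,7 +472,11 @@) the new set_matchpathcon_flags(MATCHPATHCON_NOTRANS) call has no comment saying why translation is turned off, and the existing comment above it ("Set selinux_enabled if it is not already set (singleton)") no longer covers everything the block does. Please add a line stating that contexts are kept raw so that labelling does not go through mcstransd, and that the lsetfilecon_raw() call further down relies on it. Style: the surrounding code writes "if (" with a space and puts the opening brace on the same line as the condition, as in "if (strcmp(scontext, "<<none>>") != 0) {", so the added "{" on its own line and "if(selinux_enabled)" should follow that.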
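
Review bot: In the second hunk (@@ -488,7 +492,7 @@) lsetfilecon_raw() is only correct if scontext is already an untranslated context, and that is guaranteed solely by the flag set in the first hunk, which runs once inside the "selinux_enabled < 0" branch. The dependency is not visible at this call site, so a short comment here pointing back to MATCHPATHCON_NOTRANS would stop the two from being separated later. The failure path is unchanged and still only calls perror() under the "XXX: This might need to be fatal instead!?" comment, so a file whose label could not be set is still installed; since this patch touches the labelling call, it would be worth stating in the bug whether that stays out of scope.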