On Wednesday 31 January 2007 04:08, Ian Jackson <[EMAIL PROTECTED]> wrote: > We currently envisage three kinds of triggers: > * Explicit triggers. These can be activated by any program > by running dpkg-trigger (at any time, but ideally from a maintainer > script). > * File triggers. These are activated automatically by dpkg > when a matching file is installed, upgraded or removed as part > of a package. They may also be explicitly activated by running > dpkg-trigger. > * Special triggers, which activate magic code in dpkg itself. > Currently none of these are defined.
Manoj's recent work on SE Linux policy has the package examine the system to determine which packages are installed and to then load the matching SE Linux policy modules. This works OK on an initial install as a complete relabel is performed after installing the policy. But for a running SE Linux system when a new package is installed we need the policy loaded first. For example if a SE Linux system does not have Apache installed then the Apache policy will not be loaded (saves some kernel memory). If you install one of the Apache packages then ideally the SE Linux policy module will be loaded first (before the package is unpackaged). This means that we need a trigger for new package selection and the trigger has to be completed before any of the packages are installed. In the case of SE Linux it's not really a problem if the installation of the package in question is never performed. For example if I ask Apt to install Apache and then press ^C after the SE Linux trigger has been called to load the policy but before the Apache package is unpacked then it's OK. There will be slightly more kernel memory in use but the system operates as before. If I never decide to install Apache then the policy just keeps running, I easily can remove it if necessary. Inserting and removing SE Linux policy modules if similar to running modprobe and rmmod except that the state is changed on disk and applies after the next reboot. -- [EMAIL PROTECTED] http://etbe.blogspot.com/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
