tags 679641 patch
thanks
I developed the attached patch for dpkg based on the advice of Stephen Smalley
<[email protected]> which is based on code used in Fedora and RHEL to address
the same issue.

http://www.spinics.net/lists/selinux/msg12460.html

The archive of the discussion on the SE Linux mailing list is at the above
URL.

I guess it's too late for this to go in Wheezy. But can it be put on the list
for the first update to Wheezy?

As an aside, even if mcstransd would never fail, this change would still make
dpkg slightly faster, so it would be a good thing to do anyway.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
diff -ru dpkg-1.16.4.3.orig/src/archives.c dpkg-1.16.4.3/src/archives.c
--- dpkg-1.16.4.3.orig/src/archives.c 2012-06-14 15:12:34.000000000 +1000
+++ dpkg-1.16.4.3/src/archives.c 2012-06-30 22:23:41.000000000 +1000
@@ -472,7 +472,11 @@
/* Set selinux_enabled if it is not already set (singleton). */
if (selinux_enabled < 0)
+ {
selinux_enabled = (is_selinux_enabled() > 0);
+ if(selinux_enabled)
+ set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
+ }
/* If SE Linux is not enabled just do nothing. */
if (!selinux_enabled)
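Review bot: The added set_matchpathcon_flags(MATCHPATHCON_NOTRANS) call inside the selinux_enabled singleton block carries no comment explaining why context translation is switched off, and the new lines do not follow the formatting of the code around them. A one-line comment stating that path contexts are now looked up in raw form, so that labelling does not depend on mcstransd, would help, because the lsetfilecon_raw() change in the next hunk is only valid while this flag is set. On style, the neighbouring line is written `if (selinux_enabled < 0)` with a space after `if`, so `if(selinux_enabled)` should match, and the later line `if (strcmp(scontext, "<<none>>") != 0) {` shows the file puts the opening brace on the same line as the condition rather than on its own line.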
@@ -488,7 +492,7 @@
return;
if (strcmp(scontext, "<<none>>") != 0) {
- if (lsetfilecon(path, scontext) < 0)
+ if (lsetfilecon_raw(path, scontext) < 0)
/* XXX: This might need to be fatal instead!? */
perror("Error setting security context for next file object:");
}
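Review bot: The change to lsetfilecon_raw() is correct only while scontext holds a raw context, which now depends on the MATCHPATHCON_NOTRANS flag set in the previous hunk, and nothing at this call site records that dependency. Suggest a short comment above the call saying that scontext is untranslated because of that flag, so a later edit does not revert one half without the other. The `/* XXX: This might need to be fatal instead!? */` comment is left as it was, so a failed label is still only reported through perror() and the file keeps whatever context it had; it would be worth stating in the submission whether that is intentionally unchanged.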