Hi, On Tue, 17 May 2005 13:17:56 +0100, Scott James Remnant <[EMAIL PROTECTED]> said:
> On Sun, 2005-05-01 at 00:26 -0500, Manoj Srivastava wrote: >> I have created a small (68 lines addition in lib/star.c) patch for >> SELinux support in dpkg. This is against the version pulled from >> [EMAIL PROTECTED]/dpkg--devel--1.13--patch-137. Adding in >> changes to configure, Makefile.am's for the binaries, ChangeLog, >> and ./debian/changelog, we have 188 lines of addtions, 7 deletions >> over 10 files (the bulk being 68 lines of code change and 30 lines >> of ChangeLog). >> > I'm not sure that perror() is appropriate, is it really just a > warning if the context set fails or should ohshite() be called to > abort the installation? This is a preference thing. If the context set fails, then the file shall be installed like any file that the sys admin unpacked using tar -- that is, in the sysadm_t domain. The package may or may not be usable, depending on the security policy. It should be easier for a human to fix the security context manually if the file existed on disk. My first instinct was to not bomb out on the very first version where Se-Linux support has been implemented -- we cna always add the abort call once we are relatively sure that things do not screw up. Technically, inability to set the security context is a symptom of something really wrong, and it would make sense to abort at this point before we move back into Sid. manoj -- You can never tell which way the train went by looking at the tracks. Manoj Srivastava <[EMAIL PROTECTED]> <http://www.golden-gryphon.com/> 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]