Laurent Bigonville: >> But are there no better alternatives than calling restorecon? The >> main use of that command is to "correct errors" (as the man page >> says). >> Wouldn't it be better to avoid those errors by correcting the >> scripts ? > > That would requires changes in the repolicy (for the files created by > initscripts) and some changes to dpkg code (I'm not even sure that > this could be achieve that way) for the files installed by maintainer > scripts. > > So here restorecon call is a correct way of doing things, even if it's > maybe not the best. There are actually several initscript that are > doing this ATM. > >> Are we aware of packages with such errors? So far I only know about >> this one, because it is blocking #685992 : >> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687306 > > There is also #678719
In these two issues the maintainers seem to explicitly dislike the "restorecon"-solution. Perhaps they are more interested in the best way of doing things? I suppose that rpm-based distributions using SELinux had to solve similar issues. Cheers, Andreas _______________________________________________ SELinux-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
