Re: [RFC][PATCH] selinux: introduce support for deferred mapping of inode security contexts

[Jeremy Katz <katzj@redhat.com>]

On Fri, 2006-05-26 at 16:13 -0400, Stephen Smalley wrote:
> On Fri, 2006-05-26 at 14:54 -0400, Jeremy Katz wrote:
> > On Thu, 2006-05-25 at 11:28 -0400, Stephen Smalley wrote:
> > > On Thu, 2006-05-25 at 11:19 -0400, Stephen Smalley wrote:
> > > b) having rpm recheck at install time provides us with both greater
> > > robustness (in the event of a bug in rpmbuild or a package corrupted in
> > > some manner along the way) and security (in the event of a maliciously
> > > constructed package).
> > 
> > But I'm willing to concede that adding some form of checking here may
> > well make sense.  But I'm not convinced it will necessarily belong in
> > rpm itself -- it may make more sense to have it in the
> > policy_module_loader_helper which is going to end up being needed to
> > avoid stupid scriptlet errors.  But that's in the realm of it not really
> > mattering who's checking in that it's being checked.  Does that seem
> > reasonable?
> 
> Only issue here is the error path in rpm if that helper fails (or
> whether the helper gets enough information from rpm to take corrective
> action itself).

We'll make sure that the helper has enough information to fallback to
relabeling as unlabeled (it might even make sense for it to be able to
fall back to what the loaded policy would give so that, eg, shared libs
at least end up as lib_t)

Jeremy


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.