prelink on debian

prelink on debian

[Luke Kenneth Casson Leighton]

[-- Attachment #1: Type: text/plain, Size: 474 bytes --]

prelink is a script on debian: i had to add this because prelink checks
that there's > 50mb of disk space and then exec's prelink.bin.

-- 
--
Truth, honesty and respect are rare commodities that all spring from
the same well: Love.  If you love yourself and everyone and everything
around you, funnily and coincidentally enough, life gets a lot better.
--
<a href="http://lkcl.net">      lkcl.net      </a> <br />
<a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />


[-- Attachment #2: z --]
[-- Type: text/plain, Size: 592 bytes --]

diff -Naur 
--- default.1.14/file_contexts/program/prelink.fc   2004-08-02 08:28:37.000000000 +0100
+++ current/file_contexts/program/prelink.fc    2004-08-15 10:00:40.000000000 +0100
@@ -1,5 +1,6 @@
 # prelink - prelink ELF shared libraries and binaries to speed up startup time
 /usr/sbin/prelink      --  system_u:object_r:prelink_exec_t
+/usr/sbin/prelink.bin      --  system_u:object_r:prelink_exec_t
 /etc/prelink.conf      --  system_u:object_r:etc_prelink_t
 /var/log/prelink.log       --  system_u:object_r:prelink_log_t
 /etc/prelink.cache     --  system_u:object_r:prelink_cache_t

Re: prelink on debian

[Russell Coker]

On Tue, 24 Aug 2004 09:21, Luke Kenneth Casson Leighton <lkcl@lkcl.net> wrote:
> prelink is a script on debian: i had to add this because prelink checks
> that there's > 50mb of disk space and then exec's prelink.bin.

OK, this needs a ifdef(`distro_debian', around it.

Do you think we should have the shell script labelled as sbin_t on Debian?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: prelink on debian

[Luke Kenneth Casson Leighton]

On Wed, Aug 25, 2004 at 09:43:25PM +1000, Russell Coker wrote:
> On Tue, 24 Aug 2004 09:21, Luke Kenneth Casson Leighton <lkcl@lkcl.net> wrote:
> > prelink is a script on debian: i had to add this because prelink checks
> > that there's > 50mb of disk space and then exec's prelink.bin.
> 
> OK, this needs a ifdef(`distro_debian', around it.
 
 oh yeh :)

> Do you think we should have the shell script labelled as sbin_t on Debian?

 i don't know enough about FHS to be able to advise you: perhaps someone
 else here could answer that better.



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: prelink on debian

[Russell Coker]

On Wed, 25 Aug 2004 23:16, Luke Kenneth Casson Leighton <lkcl@lkcl.net> wrote:
> On Wed, Aug 25, 2004 at 09:43:25PM +1000, Russell Coker wrote:
> > On Tue, 24 Aug 2004 09:21, Luke Kenneth Casson Leighton <lkcl@lkcl.net> 
wrote:
> > > prelink is a script on debian: i had to add this because prelink checks
> > > that there's > 50mb of disk space and then exec's prelink.bin.
> >
> > OK, this needs a ifdef(`distro_debian', around it.
>
>  oh yeh :)
>
> > Do you think we should have the shell script labelled as sbin_t on
> > Debian?
>
>  i don't know enough about FHS to be able to advise you: perhaps someone
>  else here could answer that better.

It's not a FHS issue.

Do we need the shell script to transition to prelink_t or can it run in the 
calling domain (maybe system_crond_t)?  If it can run in the calling domain 
then it may be best not to have it labeled due to the transition on shell 
script issues.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: prelink on debian

[Luke Kenneth Casson Leighton]

On Wed, Aug 25, 2004 at 11:52:14PM +1000, Russell Coker wrote:
> On Wed, 25 Aug 2004 23:16, Luke Kenneth Casson Leighton <lkcl@lkcl.net> wrote:
> > On Wed, Aug 25, 2004 at 09:43:25PM +1000, Russell Coker wrote:
> > > On Tue, 24 Aug 2004 09:21, Luke Kenneth Casson Leighton <lkcl@lkcl.net> 
> wrote:
> > > > prelink is a script on debian: i had to add this because prelink checks
> > > > that there's > 50mb of disk space and then exec's prelink.bin.
> > >
> > > OK, this needs a ifdef(`distro_debian', around it.
> >
> >  oh yeh :)
> >
> > > Do you think we should have the shell script labelled as sbin_t on
> > > Debian?
> >
> >  i don't know enough about FHS to be able to advise you: perhaps someone
> >  else here could answer that better.
> 
> It's not a FHS issue.
 
 oh, right.

> Do we need the shell script to transition to prelink_t or can it run in the 
> calling domain (maybe system_crond_t)?  

 well, that's where it's run from (as a cron job),
 also it's run as a sysadm_r on the first initial setup of prelink.

 i'm not even going to pretend to say i know enough to help
 make a decision on this one!

-- 
--
Truth, honesty and respect are rare commodities that all spring from
the same well: Love.  If you love yourself and everyone and everything
around you, funnily and coincidentally enough, life gets a lot better.
--
<a href="http://lkcl.net">      lkcl.net      </a> <br />
<a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.