Hi Laurent,

On 18/06/14 18:27, Laurent Bigonville wrote:
> Package: cdebconf
> Version: 0.191
> Severity: wishlist
>
> Hi,
>
> Since 1.17.0, dpkg is trying to run the maintainer scripts in a
> different context based on the file context and fall back on
> "dpkg_script_t".
>
> OTOH, a maintainer script run by dpkg-reconfigure is never transitioned
> out of the "dpkg_t" context.
>
> The maintainer scripts run by dpkg-reconfigure should also transition to
> the appropriate context.
>
> Since libselinux 2.3, the setexecfilecon() function can be called for
> every maintainer script just before it is executed.

I had a look at it this morning. As I'm not really a SELinux specialist, I have a question.

Would it make sense and be safe to apply it for all scripts run from cdebconf? That would include dpkg-reconfigure, but also dpkg-preconfigure, and when cdebconf is called from dpkg (dpkg calls the script, which calls (c)debconf, which in turn execs the script again).

Is the required modification then as simple as this?

+ setexecfilecon(argv[1],"dpkg_script_t");
  if (execv(argv[1], args) != 0)

Thanks,
Regis
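
Review bot: the return value of setexecfilecon() on the added line is discarded, while the execv() result on the following line is checked. If setting the exec context fails, execv() would still run the maintainer script in the caller's context, which is the "dpkg_t" situation the report wants to avoid, so test the result first, for example if (setexecfilecon(argv[1], "dpkg_script_t") < 0), and handle it like the execv() failure instead of continuing. Because the report ties the function to libselinux 2.3, the call also needs a build-time guard so cdebconf still builds where that library version is not available. A short comment next to the call stating which callers are meant to transition (dpkg-reconfigure, dpkg-preconfigure, and the case where dpkg runs the script that calls cdebconf) would record the answer to the scope question asked above.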