Re: SELinux and third party installers

On Thu, 30 Dec 2004 22:52:02 -0500, Daniel J Walsh wrote:
> The problem is that sometimes file like share libraries need a different 
> file context (shlib_t)
> than the directory they are being copied to (lib_t).  RPM and now 
> install have the smarts to handle this.  mv and cp do not.

I see. What happens if you create a file in a lib_t directory using the
standard POSIX APIs? I looked at the Loki setup sources and it doesn't use
"cp" directly of course, it just opens files and copies them using a
read/write loop.

What happens if a library is put in a directory that isn't lib_t, and the
DSO is not marked as shlib_t? Does the linker refuse to link it? Or is it
just that ldconfig cannot read them.

I have a game here where it uses libraries marked as file_t, and it seems
to work when using LD_LIBRARY_PATH which makes me happier :)

Most third party programs do not rely on the linker cache anyway, so I
suppose this is a good thing.

> What do you base this on?  Fedora is where most of the SELinux 
> development has been going on.

Yes, I mean it's hard to find out how Fedora differs from Debian or Gentoo
SELinux-wise. If I use "install" does this only work on Fedora? Or is this
something that will eventually be merged into other distributions too.
What about the pam_selinux module, is that used elsewhere or on other
distros must I remember to use the SELinux su equivalent as well? (I
forgot it's name ...)

thanks -mike