Red Hat Bugzilla – Bug 214605
Add some SE Linux specific checks
Last modified: 2007-11-30 17:11:48 EST
Description of problem:
rpmlint does not know about some SE Linux related problems that could exist in
scriptlets. For example, using chcon and runcon requires knowing a policy type -
which could change on a policy upgrade and completely break the scriptlet. I
will attach a patch that detects encoded policy knowledge in scriptlets.
Version-Release number of selected component (if applicable):
Created attachment 140668
Patch addressing the issues listed above
Thanks. Could you submit a message that would be displayed when rpmlint is run
with -i/-I? Ideally, the message should describe what's wrong and what to do
about it. I'm thinking about something like this, but I'm not knowledgeable
enough about SELinux to write the "what to do about it" part:
A command which may require intimate knowledge about specific SELinux
policy types which are subject to change in future policies was found
in the scriptlet. [Fill here what the packager should do about it.]
Sure, here's the text slightly modified from above:
A command which requires intimate knowledge about a specific SELinux
policy type was found in the scriptlet. These types are subject to change
on a policy version upgrade. The packager should use the restorecon
command which queries the currently loaded policy for the correct type.
Applied upstream with further minor tweaks as
http://rpmlint.zarb.org/cgi-bin/trac.cgi/changeset/1293, will be in the next
rpmlint release. Thanks!
Done in upcoming 0.79-1.
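
The kind of scriptlet check this report asks for, as an added example that is not the attached patch or rpmlint's own code: it tokenizes each scriptlet line and reports chcon/runcon invocations, while ignoring mentions inside quotes, comments and test expressions. The scriptlet text, paths and SELinux type names are constructed sample values, and the function names are hypothetical.

```python
import os
import shlex

# Commands named in this report that take a hard-coded SELinux type/context.
POLICY_COMMANDS = {"chcon", "runcon"}
SEPARATORS = {";", "&&", "||", "|", "&", "(", ")"}
# Shell words that may precede the command name within a segment.
PREFIX_WORDS = {"if", "then", "else", "elif", "do", "while", "until", "!", "exec"}

# Constructed %post scriptlet; paths and type names are sample values.
SAMPLE_POST = """\
# label the demo content
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
    /usr/bin/chcon -t httpd_sys_content_t /var/www/demo || :
    echo "do not call chcon by hand"
    /sbin/restorecon -R /var/www/demo || :
    LANG=C runcon -t initrc_t -- /usr/libexec/demo-init
fi
"""

def tokenize(line):
    """Split one scriptlet line into words and shell operators."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True  # keep paths and options as single words
    try:
        return list(lexer)
    except ValueError:  # unbalanced quote, e.g. a string spanning lines
        return line.split("#", 1)[0].split()

def check_scriptlet(name, body):
    """Return (scriptlet, line number, command) for each chcon/runcon call."""
    findings = []
    for lineno, line in enumerate(body.splitlines(), 1):
        at_command = True  # the next word starts a new simple command
        for tok in tokenize(line):
            if tok in SEPARATORS:
                at_command = True
            elif at_command and (tok in PREFIX_WORDS or "=" in tok):
                continue  # keyword or VAR=value prefix, command still ahead
            elif at_command:
                if os.path.basename(tok) in POLICY_COMMANDS:
                    findings.append((name, lineno, os.path.basename(tok)))
                at_command = False
    return findings

if __name__ == "__main__":
    for scriptlet, lineno, cmd in check_scriptlet("%post", SAMPLE_POST):
        print(f"{scriptlet} line {lineno}: {cmd} hard-codes an SELinux type")
```

Line continuations and here-documents are not followed; each line is checked on its own.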