Re: Limiting the power of packages
- Date: Fri, 05 Oct 2018 09:50:05 -0300
- From: David Bremner <david@xxxxxxxxxxx>
- Subject: Re: Limiting the power of packages
Laurent Bigonville <bigon@xxxxxxxxxx> writes:
> Lars Wirzenius wrote:
>> * default: install files in /usr only
>> * kernel: install files in /boot, trigger initramfs
>> * core: can install files anywhere, trigger anything
>> * maintained-by-liw: full power to do anything
>> This might be implemented in various ways. For example, dpkg could
>> create a temporary directory, and bind mount the directories the
>> profile indicates are needed, into a temporary shadow of the full
>> system. Maintainer scripts would be run in the shadow environment.
>> Thus, if they try to do something that isn't allowed by the packages
>> profile, they can't.
> This can be done with SELinux as well, the maintainer scripts can be
> labeled and dpkg will run them in the desired context.
I like the general project, but feel obliged to point out that having
maintainer scripts fail is not nice for users, so we'd need to think
about how to handle security/liw-classification failures.