Laurent Bigonville <bi...@debian.org> writes:

> Lars Wirzenius wrote:
>
>> * default: install files in /usr only
>> * kernel: install files in /boot, trigger initramfs
>> * core: can install files anywhere, trigger anything
>> * maintained-by-liw: full power to do anything
>>
>> This might be implemented in various ways. For example, dpkg could
>> create a temporary directory, and bind mount the directories the
>> profile indicates are needed, into a temporary shadow of the full
>> system. Maintainer scripts would be run in the shadow environment.
>> Thus, if they try to do something that isn't allowed by the package's
>> profile, they can't.
>
> This can be done with SELinux as well, the maintainer scripts can be
> labeled and dpkg will run them in the desired context.
I like the general project, but feel obliged to point out that having
maintainer scripts fail is not nice for users, so we'd need to think
about how to handle security/liw-classification failures.

d