Running scripts with specific credentials
MeeGo will have a security framework that will heavily leverage SMACK and
IMA/EVM. When packages are installed, we need to be able to set SMACK
labels, calculate/
credentials. I know that the plugin will not support all we need with
respect to this. For example, there is no plugin support for getting
called right after a file has been extracted, which would seem to be the
optimal time (from a security perspective) to handle the digsigsum and
SMACK label. Also, running installation scripts with separate credentials
can't be done from the plugin. RPM does support doing both of these
things for SELinux, but the functionality to do that resides outside of
the plugin in older code. I would actually love to see some of this
functionality that was created for SELinux in other parts of the RPM code
base migrate into the plugin so that others can utilize the functionality,
but I also understand the limited scope of the plugin as it currently
exists.
Blueprint information
- Status: Not started
- Approver: Jeff Johnson
- Priority: Low
- Drafter: None
- Direction: Approved
- Assignee: Jeff Johnson
- Definition: Discussion
- Series goal: None
- Implementation: Deferred
- Milestone target: 5.3.6
Whiteboard
MeeGo -> Tizen, and the current patches/proposal is here:
http://