Author: Rainer Weikusat Date: To: dng Subject: Re: [DNG] running with separate / and /usr
Antonio Rendina via Dng <dng@???> writes: > The way I see it is that the packages that lives in /bin,/sbin should
> call only libraries at the same very level.
> Having a fake library that allows selinux to not be loaded can become
> a security concern (I didn't give it much thought, but I think you can
> see the risk).
> So, by my point of view, the solutions that I see are:
>
> 1) compile the packages without selinux
> 2) move all the required libraries to "/" hierarchy.
>
> My preference goes to number 2.
So far, this would be libpcre2. Additionally, udev and the kernel module
tools need libcrypto (from OpenSSL).
Complete list of programs in / which need libselinux (on my system):
(as determined by
find bin/ sbin/ -type f | while read x; do ldd $x 2>/dev/null | grep -q libcrypto && echo $x; done)
If moving the libraries was considered an acceptable solution, I'm
willing to create bug reports (or whatever else would be suitable) with
patches for the affected packages. I won't be able to work on this
before Sunday, though.