On 2017-07-14 11:51, Michael Hirmke wrote:
Hi Marcus,
thx for your answer, but ...
On Thu, Jul 13, 2017 at 09:25:00PM +0200, Michael Hirmke wrote:
Hi *,
I have a few question regarding the files /etc/permissions* and chkstat on a Tumbleweed system:
According to the man pages and docs, chkstat is called whenever a configuration change was made. And chkstat should look into /etc/sysconfig/security to find the permissions.<type> file(s) to use. [...] What configurations changes are meant by the docs then? Shouldn't zypper also call chkstat after installation of all new packages? Or do I misunderstand the intention of the permissions package including chkstat?
There needs to be special %post and %verify scripts in the packages that need hooks in the permissions framework to refresh the permissions if the /usr/bin/gnome-keyring-daemon should behave like this.
... then every package maintainer has to add it to his packages. And whats more, the maintainer doesn't even know, that an adaministrator of a certain system wants to add capabilities or special permissions to one of the package files. On the other hand an administrator may forget that in an update of a few hundred packages is one that needs a rerun of chkstat. So IMHO it would be great to have it run automatically - for example when zypper [up|dup|patch] finishes. It could be controlled by a parameter in zypp.conf.
That's how it was run some years ago. In the past YaST or zypper ran "SuSEconfig" at the end of each modification run, and that script took care of everything. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)