Package: selinux-policy-default
Version: 2:2.20240202-1
Tags: patch
The invocation of semodule in the postinst maintanier script might
fail, e.g. due to conflicts with local modifications.
Since by default the CIL log level is error and those error messages
are rather generic the actual cause is most of the time not shown.
A solution is to run semodule in verbose mode, which increases the
verbosity of CIL from error to warning, see
https://github.com/SELinuxProject/selinux/blob/82195e77e317d322dd9b5fc31d402462d6845357/policycoreutils/semodule/semodule.c#L419:
--- debian/postinst.policy.bak 2024-02-21 21:56:04.383102610 +0100
+++ debian/postinst.policy 2024-02-21 21:56:09.307157364 +0100
@@ -117,7 +117,7 @@
fi
ret=0
- semodule -X $priority $noreload -s $flavour $to_remove
$to_install $to_disable || ret=$?
+ semodule -v -X $priority $noreload -s $flavour $to_remove
$to_install $to_disable || ret=$?
if [ $ret -eq 0 ]; then
echo " done."
else
_______________________________________________
SELinux-devel mailing list
SELinux-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/selinux-devel
