I installed dpkg_1.18.4_armhf.deb by remounting selinux, It seems to help a tiny bit. By the changelog there have been recent selinux changes to it. I still almost always get the error about the security handle though.
Is it possible that it can't get a security handle because the file doesn't have one? Should that get applied automatically to every downloaded file like a umask even if somebody's not trying to use selinux? Could that happen too slowly in an apt-get install scenario? In src/selinux.c is: sehandle = selabel_open(SELABEL_CTX_FILE, NULL, 0); if (sehandle == NULL) ohshite(_("cannot get security labeling handle")); There is variable selinux_enabled but the step that gives the error message seems to be outside the tests using it. In the spirit of using permissive mode it seems like it should give a warning rather than being fatal to the install. How about an selinux addition to dpkg's force options? Forcing one deb to install (pass it the name of the downloaded deb): ------- #!/bin/sh mount -o remount,ro /sys/fs/selinux dpkg -i $1 mount -o remount,rw /sys/fs/selinux ------ I think it works because it seems to take selinux a few seconds to realize it can't write to its directory and panic. Having it all in one script squeaks it under its radar. On 1/14/16, Alan Corey <alan01...@gmail.com> wrote: > I extracted the Jessie and Wheezy(?) binary debs to grep them. The > string "security labeling" is in the Jessie dpkg binary, it's not in > the Wheezy(?) one. > > dpkg 1.17.25 has it, 1.16.16 doesn't. That's why the old version > doesn't give that error. Now to find the source and look there. > > Wondering what happens if I try to install a bunch of stuff, let it > fail, then remount selinux ro and do an apt-get -f install to try to > get in under the wire. Otherwise I don't think I can compile a changed > version if I make one. I did find that holding my power button ~10 > seconds will shut it down even when selinux has it locked. > > On 1/14/16, Alan Corey <alan01...@gmail.com> wrote: >> Other people seem to be seeing this too with Android > 5.0 and recent >> Linux. Debian Jessie and Ubuntu Trusty seem affected. But I have my >> old SD card set up around 2/7/2015 and it works fine. That would have >> been Wheezy I think, I had to modify Debian Kit to not install >> Squeeze. I have at least that in my notes. I've been using Wheezy >> for a couple weeks with no problem, but switch back to Jessie and I >> get the selinux problem again. >> >> Booted up fine this morning after I charged the battery. But make >> isn't in binutils so I added it with apt-get, had to remount selinx >> ro, now I'm waiting for the battery to run down to reboot again >> because it locked again. I just want to improve that error message to >> explain the error a little better. >> >> What would happen if I intermixed armel and armhfs executables? >> >> On 1/14/16, Paul Wise <p...@debian.org> wrote: >>> On Thu, Jan 14, 2016 at 12:37 PM, Alan Corey wrote: >>> >>>> Maybe I should scrap this and reinstall. >>> >>> Not sure. Either way, once you figured out the issue, please add a >>> section to the chroot on Android page. >>> >>> https://wiki.debian.org/ChrootOnAndroid >>> >>> -- >>> bye, >>> pabs >>> >>> https://wiki.debian.org/PaulWise >>> >>> >> >> >> -- >> Credit is the root of all evil. - AB1JX >> > > > -- > Credit is the root of all evil. - AB1JX > -- Credit is the root of all evil. - AB1JX