Bug#515131: marked as done (setroubleshoot: check SELinux presence reliably)

Debian Bug Tracking System Wed, 15 Apr 2009 06:54:59 -0700

Your message dated Wed, 15 Apr 2009 13:47:18 +0000
with message-id <[email protected]>
and subject line Bug#515131: fixed in setroubleshoot 2.1.6-1
has caused the Debian Bug report #515131,
regarding setroubleshoot: check SELinux presence reliably
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
515131: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515131
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: setroubleshoot
Version: 2.0.12-2
Severity: important
Tags: patch


The way you are testing selinux's presence seems to be wrong.
r...@champaran:~$ sestatus=$(sestatus ||: 2>/dev/null)
r...@champaran:~$ echo $sestatus
SELinux status: enabled SELinuxfs mount: /selinux Current mode:
permissive Mode from config file: permissivePolicy version: 24 Policy
from config file: default
r...@champaran:~$ is_enabled=$(echo $sestatus |grep status |tr " " "\n"
|tail -n 1)
r...@champaran:~$ echo $is_enabled
default
r...@champaran:~$ echo $sestatus |grep status |tr " " "\n" |tail -n 1
default


SELinux has a simple util to check for its presence, selinuxenabled.
Here's what the manpage says:
DESCRIPTION
       selinuxenabled  Indicates whether SELinux is enabled or disabled.
It exits with status 0 if SELinux
       is enabled and 1 if it is not enabled.


I believe not many Debian Developer's use SELinux. :-)
Otherwise this would have been caught much earlier.

Attached patch should be able to determine SELinux's presence more
reliably.


Ritesh

-- System Information:
Debian Release: 5.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.28-custom (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages setroubleshoot depends on:
ii  dbus                          1.2.1-5    simple interprocess messaging syst
ii  python                        2.5.2-3    An interactive high-level object-o
ii  python-audit                  1.7.4-1    Python bindings for security audit
ii  python-gtkhtml2               2.19.1-3.1 Python bindings for the GtkHTML 2 
ii  python-notify                 0.1.1-2+b1 Python bindings for libnotify
ii  python-rpm                    4.4.2.3-1  Python bindings for RPM
ii  python-support                0.8.7      automated rebuilding support for P

Versions of packages setroubleshoot recommends:
ii  auditd                  1.7.4-1          User space tools for security audi
ii  policycoreutils         2.0.49-8         SELinux core policy utilities
ii  selinux-policy-default  2:0.0.20080702-6 Strict and Targeted variants of th
ii  setroubleshoot-plugins  2.0.12-1         Tool to help troubleshoot SELinux 

setroubleshoot suggests no packages.

-- no debconf information

--- setroubleshoot.orig 2009-02-14 02:05:20.000000000 +0530
+++ setroubleshoot      2009-02-14 02:11:21.000000000 +0530
@@ -94,14 +94,19 @@
 set -e
 
 check_selinux_enabled() {
-    sestatus=$(sestatus ||: 2>/dev/null)
-    is_enabled=$(echo $sestatus |grep status |tr " " "\n" |tail -n 1)
-
-    if [ "x$is_enabled" != "xenabled" ]; then
-        echo "SElinux is disabled, doing nothing"
-        exit 0
+    if ! [ -x /usr/sbin/selinuxenabled ]; then
+           echo "SELinux doesn't seem to be installed, doing nothing";
+           exit 0
+    else
+           selinuxenabled;
+           is_enabled=$?;
+           
+           if [ "x$is_enabled" != "x0" ]; then
+                   echo "SElinux is disabled, doing nothing"
+                   exit 0
+           fi
+           return 0
     fi
-    return 0
 }
 
 running_pid() {

--- End Message ---

--- Begin Message ---

Source: setroubleshoot
Source-Version: 2.1.6-1

We believe that the bug you reported is fixed in the latest version of
setroubleshoot, which is due to be installed in the Debian FTP archive:

setroubleshoot_2.1.6-1.diff.gz
  to pool/main/s/setroubleshoot/setroubleshoot_2.1.6-1.diff.gz
setroubleshoot_2.1.6-1.dsc
  to pool/main/s/setroubleshoot/setroubleshoot_2.1.6-1.dsc
setroubleshoot_2.1.6-1_amd64.deb
  to pool/main/s/setroubleshoot/setroubleshoot_2.1.6-1_amd64.deb
setroubleshoot_2.1.6.orig.tar.gz
  to pool/main/s/setroubleshoot/setroubleshoot_2.1.6.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pierre Chifflier <[email protected]> (supplier of updated setroubleshoot 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 15 Apr 2009 15:22:28 +0200
Source: setroubleshoot
Binary: setroubleshoot
Architecture: source amd64
Version: 2.1.6-1
Distribution: unstable
Urgency: low
Maintainer: Pierre Chifflier <[email protected]>
Changed-By: Pierre Chifflier <[email protected]>
Description: 
 setroubleshoot - Tool to help troubleshoot SELinux problems
Closes: 515131 515571
Changes: 
 setroubleshoot (2.1.6-1) unstable; urgency=low
 .
   * New Upstream Version
   * Make package arch:any, some parts are now coded in C
   * Fix dependencies (Closes: #515571)
   * Add consolekit to dependencies
   * setroubleshootd is now started dynamically (and is no more a daemon)
     It automatically dies when there are no client or alerts
     Init script has been removed (Closes: #515131)
   * Bump standards version to 3.8.1, no changes
   *
Checksums-Sha1: 
 45214ac97c0bab4a2dc9deb7a30b1c042d229517 1194 setroubleshoot_2.1.6-1.dsc
 8b9ab7da2f4726403e4c98fb1dfaebfd0bc18a27 1367774 
setroubleshoot_2.1.6.orig.tar.gz
 4aad16fe801e5ee98fcdbf93c6ef962978016785 4244 setroubleshoot_2.1.6-1.diff.gz
 9e0359f0848504cda9ce6e79862ab192dd4ce36a 1292158 
setroubleshoot_2.1.6-1_amd64.deb
Checksums-Sha256: 
 8e9711d96297cdbbd7568e125c81b999a48b2faf9fe300c9da0914a3e7c617bb 1194 
setroubleshoot_2.1.6-1.dsc
 e60d8eeb9a0391df1916d579d018ca6f050605b863b911f9bc28358356b742ef 1367774 
setroubleshoot_2.1.6.orig.tar.gz
 9b77b969e208510c18c592ff6c1fe1496946e02e079d91eae69444ab501cc7a7 4244 
setroubleshoot_2.1.6-1.diff.gz
 79caaa93ad2a991621338c343f351bb80cb241f1e625515082c6d5eb1bee7ffe 1292158 
setroubleshoot_2.1.6-1_amd64.deb
Files: 
 4d60794a5b5b2faaff0bd7794e80c24f 1194 admin extra setroubleshoot_2.1.6-1.dsc
 fdbc7a830fd19032e2daf32948482ebd 1367774 admin extra 
setroubleshoot_2.1.6.orig.tar.gz
 34932fdcabb6efadafd01723b9886af8 4244 admin extra 
setroubleshoot_2.1.6-1.diff.gz
 92dfa5a4df8810feae00046b9209f2f1 1292158 admin extra 
setroubleshoot_2.1.6-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ5eBvtwVrWo1fQMsRAkSsAKCQE1pT34nNe4NXRLFsX4AtBaXT8ACgqiZN
LJtEUTwdAVuZAVlRbhgpGEc=
=d4aK
-----END PGP SIGNATURE-----

--- End Message ---

Bug#515131: marked as done (setroubleshoot: check SELinux presence reliably)

Reply via email to