Your message dated Sun, 11 Sep 2005 09:02:09 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#242900: fixed in sysvinit 2.86.ds1-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 9 Apr 2004 14:19:14 +0000
>From [EMAIL PROTECTED] Fri Apr 09 07:19:14 2004
Return-path: <[EMAIL PROTECTED]>
Received: from ns.sws.net.au [61.95.69.3]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1BBwqf-0007rA-00; Fri, 09 Apr 2004 07:19:13 -0700
Received: from localhost (localhost [127.0.0.1])
by ns.sws.net.au (Postfix) with ESMTP
id 062D361C5B; Sat, 10 Apr 2004 00:19:09 +1000 (EST)
Received: from ns.sws.net.au ([127.0.0.1])
by localhost (ns [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
id 17989-01; Sat, 10 Apr 2004 00:19:07 +1000 (EST)
Received: from lyta.coker.com.au (localhost [127.0.0.1])
by ns.sws.net.au (Postfix) with ESMTP
id 22F9261BD6; Sat, 10 Apr 2004 00:19:07 +1000 (EST)
Received: by lyta.coker.com.au (Postfix, from userid 1001)
id 7EECCB5878; Sat, 10 Apr 2004 00:19:05 +1000 (EST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Russell Coker <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: sysvinit: wish it had support for SE Linux
X-Mailer: reportbug 2.56
Date: Sat, 10 Apr 2004 00:19:05 +1000
Message-Id: <[EMAIL PROTECTED]>
X-Virus-Scanned: by amavisd-new-20030616-p5 (Debian) at sws.net.au
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
spohr.debian.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.60
X-Spam-Level:
X-CrossAssassin-Scores: 1 1
Package: sysvinit
Version: 2.85-12.se1
Severity: wishlist
The following patch makes it build with SE Linux support. When running SE
Linux the security policy has to be loaded before init becomes fully
functional, the best way of doing this is to have init perform the policy load.
This patch is derived from the patch used in Fedora and has been well tested.
diff -ruN orig/sysvinit-2.85/debian/changelog sysvinit-2.85/debian/changelog
--- orig/sysvinit-2.85/debian/changelog 2004-04-09 23:25:22.000000000 +1000
+++ sysvinit-2.85/debian/changelog 2004-04-09 23:27:12.000000000 +1000
@@ -1,3 +1,9 @@
+sysvinit (2.85-15.se1) unstable; urgency=high
+
+ * Build with SE Linux support.
+
+ -- Russell Coker <[EMAIL PROTECTED]> Fri, 9 Apr 2004 23:27:00 +1000
+
sysvinit (2.85-15) unstable; urgency=high
* Drop bogus dependency on fileutils (closes: #241570)
diff -ruN orig/sysvinit-2.85/debian/control sysvinit-2.85/debian/control
--- orig/sysvinit-2.85/debian/control 2004-04-09 23:25:22.000000000 +1000
+++ sysvinit-2.85/debian/control 2004-04-09 23:26:25.000000000 +1000
@@ -3,7 +3,7 @@
Priority: required
Maintainer: Miquel van Smoorenburg <[EMAIL PROTECTED]>
Standards-Version: 3.5.2.0
-Build-Depends: bash
+Build-Depends: bash, libselinux1-dev
Package: sysvinit
Essential: yes
diff -ruN orig/sysvinit-2.85/src/Makefile sysvinit-2.85/src/Makefile
--- orig/sysvinit-2.85/src/Makefile 2004-04-09 23:25:23.000000000 +1000
+++ sysvinit-2.85/src/Makefile 2004-04-09 23:26:25.000000000 +1000
@@ -9,8 +9,8 @@
#
CC = gcc
-CFLAGS = -Wall -O2 -fomit-frame-pointer -D_GNU_SOURCE
-LDFLAGS = -s
+CFLAGS = -Wall -O2 -fomit-frame-pointer -D_GNU_SOURCE -DWITH_SELINUX
+LDFLAGS = -s -lselinux
STATIC =
# For some known distributions we do not build all programs, otherwise we do.
diff -ruN orig/sysvinit-2.85/src/init.c sysvinit-2.85/src/init.c
--- orig/sysvinit-2.85/src/init.c 2004-04-09 23:25:23.000000000 +1000
+++ sysvinit-2.85/src/init.c 2004-04-09 23:26:25.000000000 +1000
@@ -80,6 +80,83 @@
sigaction(sig, &sa, NULL); \
} while(0)
+#ifdef WITH_SELINUX
+#include <sys/mman.h>
+#include <selinux/selinux.h>
+#include <sys/mount.h>
+
+static int load_policy(int *enforce)
+{
+ int fd=-1,ret=-1;
+ int rc=0;
+ struct stat sb;
+ void *map;
+ char policy_file[PATH_MAX];
+ int policy_version=0;
+ extern char *selinux_mnt;
+
+ initlog(L_VB, "Loading security policy\n");
+ if (mount("none", SELINUXMNT, "selinuxfs", 0, 0) < 0) {
+ if (errno == ENODEV) {
+ initlog(L_VB, "SELinux not supported by kernel: %s\n",strerror(errno));
+ }
+ else {
+ initlog(L_VB, "Failed to mount %s: %s\n",SELINUXMNT,strerror(errno));
+ return ret;
+ }
+ return ret; /* Never gets here */
+ }
+
+ selinux_mnt = SELINUXMNT; /* set manually since we mounted it */
+
+ policy_version=security_policyvers();
+ if (policy_version < 0) {
+ initlog(L_VB, "Can't get policy version: %s\n", strerror(errno));
+ goto UMOUNT;
+ }
+
+ rc=security_getenforce();
+ if (rc < 0) {
+ initlog(L_VB, "Can't get SELinux enforcement flag: %s\n",
strerror(errno));
+ goto UMOUNT;
+ }
+ *enforce=rc;
+
+
snprintf(policy_file,sizeof(policy_file),"%s.%d",SELINUXPOLICY,policy_version);
+ fd = open(policy_file, O_RDONLY);
+ if (fd < 0) {
+ initlog(L_VB, "Can't open '%s': %s\n",
+ policy_file, strerror(errno));
+ goto UMOUNT;
+ }
+
+ if (fstat(fd, &sb) < 0) {
+ initlog(L_VB, "Can't stat '%s': %s\n",
+ policy_file, strerror(errno));
+ goto UMOUNT;
+ }
+
+ map = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
+ if (map == MAP_FAILED) {
+ initlog(L_VB, "Can't map '%s': %s\n",
+ policy_file, strerror(errno));
+ goto UMOUNT;
+ }
+ ret=security_load_policy(map, sb.st_size);
+ if (ret < 0) {
+ initlog(L_VB, "security_load_policy failed\n");
+ }
+
+UMOUNT:
+ /*umount(SELINUXMNT); */
+ if ( fd >= 0) {
+ close(fd);
+ }
+ return(ret);
+}
+#endif
+
+
/* Version information */
char *Version = "@(#) init " VERSION " " DATE " [EMAIL PROTECTED]";
char *bootmsg = "version " VERSION " %s";
@@ -2647,6 +2724,20 @@
maxproclen += strlen(argv[f]) + 1;
}
+#ifdef WITH_SELINUX
+ if (getenv("SELINUX_INIT") == NULL) {
+ putenv("SELINUX_INIT=YES");
+ int enforce=0;
+ if (load_policy(&enforce) == 0 ) {
+ execv(myname, argv);
+ } else {
+ if (enforce)
+ /* SELinux in enforcing mode but load_policy failed */
+ exit(1);
+ }
+ }
+#endif
+
/* Start booting. */
argv0 = argv[0];
argv[1] = NULL;
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.24-newse
Locale: LANG=C, LC_CTYPE=C
Versions of packages sysvinit depends on:
hi initscripts 2.85-15.se1 Standard scripts needed for bootin
ii libc6 2.3.2.ds1-11 GNU C Library: Shared libraries an
ii libselinux1 1.10-0.1 SELinux shared libraries
hi sysv-rc 2.85-15.se1 Standard boot mechanism using syml
-- no debconf information
---------------------------------------
Received: (at 242900-close) by bugs.debian.org; 11 Sep 2005 16:08:06 +0000
>From [EMAIL PROTECTED] Sun Sep 11 09:08:06 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
id 1EEUHR-0003Fn-00; Sun, 11 Sep 2005 09:02:09 -0700
From: Petter Reinholdtsen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#242900: fixed in sysvinit 2.86.ds1-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sun, 11 Sep 2005 09:02:09 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 3
Source: sysvinit
Source-Version: 2.86.ds1-2
We believe that the bug you reported is fixed in the latest version of
sysvinit, which is due to be installed in the Debian FTP archive:
initscripts_2.86.ds1-2_i386.deb
to pool/main/s/sysvinit/initscripts_2.86.ds1-2_i386.deb
sysv-rc_2.86.ds1-2_all.deb
to pool/main/s/sysvinit/sysv-rc_2.86.ds1-2_all.deb
sysvinit_2.86.ds1-2.diff.gz
to pool/main/s/sysvinit/sysvinit_2.86.ds1-2.diff.gz
sysvinit_2.86.ds1-2.dsc
to pool/main/s/sysvinit/sysvinit_2.86.ds1-2.dsc
sysvinit_2.86.ds1-2_i386.deb
to pool/main/s/sysvinit/sysvinit_2.86.ds1-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Petter Reinholdtsen <[EMAIL PROTECTED]> (supplier of updated sysvinit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 11 Sep 2005 17:46:54 +0200
Source: sysvinit
Binary: sysv-rc sysvinit initscripts
Architecture: source i386 all
Version: 2.86.ds1-2
Distribution: unstable
Urgency: low
Maintainer: Miquel van Smoorenburg <[EMAIL PROTECTED]>
Changed-By: Petter Reinholdtsen <[EMAIL PROTECTED]>
Description:
initscripts - Standard scripts needed for booting and shutting down
sysv-rc - Standard boot mechanism using symlinks in /etc/rc?.d
sysvinit - System-V like init
Closes: 30659 85221 204857 225476 242900 247102 248739 249515 270919 300963
315611 316290 326640 327612
Changes:
sysvinit (2.86.ds1-2) unstable; urgency=low
.
* This package is now maintained on Alioth as the pkg-sysvinit project.
* Add myself as uploader.
* Add support for linprocfs on kFreeBSD. Patch from Robert
Millan. (Closes: #300963)
* Rewrote /etc/mtab handling in mountvirtfs to work with SELinux.
Based on patch from Luke Kenneth Casson Leighton.
(Closes: #270919)
* Add SELinux support to sysvinit on linux. Add build-depend on
libselinux1-dev and libsepol1-dev for all linux archs. Patch from
Manoj Srivastava, based on patch from Fedora. (Closes: #242900,
#249515,#315611)
* Drop redundant build-depend on essensial package bash.
* Add version 0.47 of startpar(8) program from SuSe. Part of
experimental parallel booting system. Not included by default
yet, as it tend to hang during boot.
* Add support for starting init.d scripts on the same level in
parallel, to speed up the boot process a bit. Currently, only a
simple system is implemented (and enabled by adding
CONCURRENCY=shell in /etc/default/rcS). This simple system messes
up the script output during boot. Disabled by default. (Closes:
#316290)
* Add 'kdm xdm gdm $syslog' as conditional dependencies of
rmnologin, to move it further back in the boot process.
* Make sure bootlogd return non-error exit code after forking off
the child. (Closes: #326640)
* Add more warning flags to list of compiler flags, to get more
info about problematic code.
* Avoid race-condition while fork()ing. Patch from SuSe.
(Closes: #327612)
* Improve error message when fork() fail in init. Patch from SuSe.
* Avoid hardcoding tty name length in wall, use UT_LINESIZE instead.
Patch from SuSe.
* Force kernel to reschedule after killing processes. Patch from SuSe.
* Make sure killall never tries to kill init (pid 1). Patch from SuSe.
* Acknowledge NMUs. (Closes: #30659, #85221, #204857, #225476,
#247102, #248739 #252059, #267935, #269774, #269894, #272588,
#272916, #273496, #277204, #281782, #284426, #286081, #287243,
#288098, #289562, #295094, #295335, #296489, #300645, #311741,
#314351, #316431, #317385, #317704, #318453, #318857, #323749,
#325933, #326460, #326495, #326647)
Files:
a5b801e4263d26896f48bbf037ccc84b 743 base required sysvinit_2.86.ds1-2.dsc
1702057aa49c50314b38a196dfc0a805 88879 base required
sysvinit_2.86.ds1-2.diff.gz
c909ab9b0f96d1942c77c684ec9dfd95 100656 base required
sysvinit_2.86.ds1-2_i386.deb
2d6853142b02ce9713fdf7ec946ccbb9 35660 base required
initscripts_2.86.ds1-2_i386.deb
2212a8883d895b54075c474488fff1c2 38456 base required sysv-rc_2.86.ds1-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDJFLI20zMSyow1ykRAoVQAKCPzzxB9BNqytu0xPoJ431uVTN+GQCfR5/k
LA8nyup+/JerXkeQChpBlEo=
=auyU
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
