Bug#507171: piuparts: mount /selinux if enabled

Fri, 28 Nov 2008 10:51:04 -0800 

Package: piuparts
Version: 0.33
Severity: normal
Tags: patch

Hi,
I'm running piuparts on a selinux-enabled machine and got a "permission
denied" error on chage, turns out /selinux was not mounted. Attached
there's a patch against current subversion for mount/umounting selinux

thanks,
filippo

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26.3-mactel (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages piuparts depends on:
ii  apt                        0.7.19        Advanced front-end for dpkg
ii  debootstrap                1.0.10        Bootstrap a basic Debian system
ii  lsb-release                3.2-20        Linux Standard Base version report
ii  lsof                       4.78.dfsg.1-4 List open files
ii  python                     2.5.2-3       An interactive high-level object-o
ii  python-debian              0.1.12        Python modules to work with Debian

piuparts recommends no packages.

piuparts suggests no packages.

-- no debconf information

Index: piuparts.py
===================================================================
--- piuparts.py	(revision 173)
+++ piuparts.py	(working copy)
@@ -548,6 +548,7 @@
 
         self.configure_chroot()
         self.mount_proc()
+        self.mount_selinux()
         if settings.basetgz:
             self.run(["apt-get", "-yf", "upgrade"])
         self.minimize()
@@ -562,6 +563,7 @@
         """Remove a chroot and all its contents."""
         if not settings.keep_tmpdir and os.path.exists(self.name):
             self.unmount_proc()
+            self.unmount_selinux()
             shutil.rmtree(self.name)
             logging.debug("Removed directory tree at %s" % self.name)
 
@@ -864,6 +866,18 @@
                           indent_string(output))
             panic()
 
+
+    def mount_selinux(self):
+        if selinux_enabled():
+            run(["mkdir", "-p", self.relative("/selinux")])
+            run(["mount", "-t", "selinuxfs", "/selinux", self.relative("/selinux")]))
+            logging.info("SElinux mounted into chroot")
+
+    def unmount_selinux(self):
+        if selinux_enabled():
+            run(["umount", self.relative("/selinux")])
+            logging.info("SElinux unmounted from chroot")
+
     def mount_proc(self):
         """Mount /proc inside chroot."""
         self.run(["mount", "-t", "proc", "proc", "/proc"])
@@ -1221,6 +1235,14 @@
     def mount_proc(self): pass
     def unmount_proc(self): pass
 
+def selinux_enabled(enabled_test="/usr/sbin/selinuxenabled"):
+    if os.access(enabled_test, os.X_OK):
+        retval, output = run([enabled_test])
+        if retval == 0:
+            return True
+        else:
+            return False
+
 def objects_are_different(pair1, pair2):
     """Are filesystem objects different based on their meta data?"""
     (m1, target1) = pair1

Reply via email to