Paolo,

We are suggesting the change below since SELinux will apparently be useless if
is_selinux_enabled() returns -1, and the warnings in that case are not clearly
helpful.

On Sun, Dec 06, 2009 at 08:09:18PM +0100, Frans Pop wrote:
> If I repeat the installation of grub-pc now, the warnings do *not* occur, 
> so there seems to be a bug that blindly assumes selinux is active if /proc 
> is not mounted?
> 
> Attached an strace for one of the sed processes which shows the file 
> accesses from libselinux1 with /proc unmounted.
> 
> Hmmm. is_selinux_enabled() in src/enabled.c has the following code which is 
> executed if selinux_mnt is NULL:
>         /* Drop back to detecting it the long way. */
>         fp = fopen("/proc/filesystems", "r");
>         if (!fp)
>                 return -1;
> 
> So, is_selinux_enabled() returns -1 here, which makes the test in sed true:
> ./sed-4.2.1/sed/execute.c:748:      if (is_selinux_enabled ())
> 
> Should sed maybe explicitly test for a value of 1 (or > 0) instead?


diff --git a/sed/execute.c b/sed/execute.c
index b83c9ec..17bf076 100644
--- a/sed/execute.c
+++ b/sed/execute.c
@@ -745,7 +745,7 @@ open_next_file(name, input)
         panic(_("couldn't edit %s: not a regular file"), input->in_file_name);
 
 #ifndef BOOTSTRAP
-      if (is_selinux_enabled ())
+      if (is_selinux_enabled () == 1)
        {
           security_context_t con;
          if (getfilecon (input->in_file_name, &con) != -1)
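
Review bot: The new test `is_selinux_enabled () == 1` (execute.c:748) folds the -1 error return into the same path as 0 (disabled), and nothing in the code says so. Add a short comment above the condition stating that is_selinux_enabled() returns -1 when the state cannot be determined (the report shows this when /proc/filesystems cannot be opened) and that the getfilecon() step is intentionally skipped in that case. The report also proposed `> 0`; either form works, but if sed calls is_selinux_enabled() anywhere else, the same comparison should be used there.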


