Your message dated Sun, 20 Sep 2015 15:40:24 +0000 with message-id <[email protected]> and subject line Bug#727305: fixed in selinux-basics 0.5.3 has caused the Debian Bug report #727305, regarding selinux-basics: initscript fails in relabel_minimal() to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 727305: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727305 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: selinux-basics Version: 0.5.2 Severity: normal The selinux-basic init script fails, with little info: # invoke-rc.d selinux-basics start [....] Checking SELinux contexts: selinux-basics invoke-rc.d: initscript selinux-basics, action "start" failed. I pinned the problem down to the function 'relabel_minimal', specifically line 45: /sbin/restorecon -R /dev /etc/mtab 2>/dev/null The behavior of restorecon is odd here. Running # /sbin/restorecon -R /dev /etc/mtab ; echo $? 1 gives exit status 1, but running # /sbin/restorecon -R /dev ; echo $? 0 # /sbin/restorecon -R /etc/mtab ; echo $? 0 # /sbin/restorecon -R /etc/mtab /dev ; echo $? 0 all give exit status 0. For a while now, /etc/mtab has been a symlink to /proc/mounts, which I'd guess is a crucial part of the problem since the restorecon man page says it doesn't operate on symlinks. Anyway, relabeling /etc/mtab -> /proc/mounts seems to not do anything on my system. The first run of restorecon after a reboot gives: # ls -Z /etc/mtab /proc/mounts system_u:object_r:etc_t:SystemLow /etc/mtab system_u:object_r:proc_t:SystemLow /proc/mounts # restorecon -R -v /etc/mtab # ls -Z /etc/mtab /proc/mounts system_u:object_r:etc_t:SystemLow /etc/mtab system_u:object_r:proc_t:SystemLow /proc/mounts Attached is a patch that removes the relabeling of /etc/mtab. Thanks. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.11-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages selinux-basics depends on: ii checkpolicy 2.1.12-1 ii policycoreutils 2.1.13-2+b1 pn python:any <none> ii selinux-utils 2.1.13-3 Versions of packages selinux-basics recommends: ii selinux-policy-default 2:2.20110726-13 ii setools 3.3.8-1 Versions of packages selinux-basics suggests: ii logcheck 1.3.15 pn syslog-summary <none> -- no debconf information--- selinux-basics.orig 2013-10-23 12:32:39.866014812 -0700 +++ selinux-basics 2013-10-23 14:52:25.886330625 -0700 @@ -37,11 +37,11 @@ fi fi -# Relabel /dev and /etc/mtab +# Relabel /dev relabel_minimal() { # when selinux is enabled, relabel /dev if [ -n "$selinuxenabled" -a -x /sbin/restorecon ]; then - /sbin/restorecon -R /dev /etc/mtab 2>/dev/null + /sbin/restorecon -R /dev 2>/dev/null fi }
--- End Message ---
--- Begin Message ---Source: selinux-basics Source-Version: 0.5.3 We believe that the bug you reported is fixed in the latest version of selinux-basics, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Laurent Bigonville <[email protected]> (supplier of updated selinux-basics package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 20 Sep 2015 15:54:34 +0200 Source: selinux-basics Binary: selinux-basics Architecture: source all Version: 0.5.3 Distribution: experimental Urgency: medium Maintainer: Debian SELinux maintainers <[email protected]> Changed-By: Laurent Bigonville <[email protected]> Description: selinux-basics - SELinux basic support Closes: 542907 569698 727305 796693 Changes: selinux-basics (0.5.3) experimental; urgency=medium . * Team upload. * Drop the selinux-basics initscript, this package is not responsible anymore for relabeling the filesystem on boot. Please see new policycoreutils (>= 2.4) version. (Closes: #569698, #542907, #796693, #727305) * check-selinux-installation: Switch to python3 * debian/compat: Bump compat version to 9 * debian/control: Bump Standards-Version to 3.9.6 (no further changes) * selinux-activate: Do not modify the kdm pam service anymore, latest version of the kdm package is properly calling pam_selinux already. * selinux-activate: Expect selinuxfs to be mounted under /sys/fs/selinux * debian/control: Add dh-python to the Build-Depends * debian/control: Add ${perl:Depends} to the dependency list * debian/control: Add policycoreutils-python-utils to the Recommends Checksums-Sha1: 4b4860503fb93f7e1ec945a1f852e0efd8bec1c8 1346 selinux-basics_0.5.3.dsc c0ff71d8b9675e4a63ec81e94841659c9b19012e 10360 selinux-basics_0.5.3.tar.xz 2d622613fd8abb8d06f36cdbb5cfa517ec10a3be 14406 selinux-basics_0.5.3_all.deb Checksums-Sha256: b02ab26dd7f9133d45aa5a645f91bc0ce0588bbb44540d1dabc9f3548f0ec0d5 1346 selinux-basics_0.5.3.dsc ea16df927ec726b71617ba5808f67c1fa5ddfb25999ebbe2a84a81486615d7e9 10360 selinux-basics_0.5.3.tar.xz 27c98d59092155aef4782c7fc8d161346febd29c844ebc8378c2f61d58d8b2c7 14406 selinux-basics_0.5.3_all.deb Files: 2b90a1080afdf6c6f889f306c32c37e8 1346 admin optional selinux-basics_0.5.3.dsc 52e8c8cff7f9fc037d40b44c6d098574 10360 admin optional selinux-basics_0.5.3.tar.xz 42e3875deed89c79e9362e63b6b0f960 14406 admin optional selinux-basics_0.5.3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJV/rtzAAoJEB/FiR66sEPVd1AH/2tCIA92eHb+5uRrEGUkymt2 PC4EGhe3NUWxj8jxjmm2BxF38/fa1U7gbCsRfUU7meYLoLWvsAKAJNbmWHI5AZv+ Pf5ORp4KNxo1sv2AEG44PDpSS3/TU8aZBOQWRMvA3aBl2gd3oJbmt+pdjBzYdwwf DjB+aCpLMBVTEn56T5x719gOUjV7YxoqU5TJjKfQ0CftDnfwgjCjA0NmjGhp++vQ cLNmxkj7EUraGMhWmBYQB3GWImNQdDcE73khIhPa3Zm3lKWG3BjqLag/FVDRLIIv 47VkITlPnaIitkI9zUpacRWVoIoUKf88JPtcAPwRKssBNVS60qQNH23kBsEz0IE= =o5Ks -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ SELinux-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
