Package: selinux-basics Version: 0.3.5+nmu1 Severity: important Tags: patch
An "umount -a" is invoked in selinux-complete-relable() of /etc/init.d/selinux-basics. This was ok in prior versions because a reboot -f followed. Today, only a reboot without option -f is invoked which amounts to a "shutdown -r now". As a result, file systems are unmounted later in shutdown process. Therefore, a umount is not necessary in this script. My server failed to change into runlevel 6 after unmounting file systems. -- /var/log/boot (relevant part) Sun Feb 7 22:57:20 2010: Checking SELinux contexts: selinux-basics Sun Feb 7 22:57:20 2010: Relabeling your filesystems for SELinux......Cleaning out /tmp Sun Feb 7 22:57:21 2010: ***************** Sun Feb 7 22:57:37 2010: Relabeled, now reboot Sun Feb 7 22:57:37 2010: umount: /var: device is busy Sun Feb 7 22:57:37 2010: umount: /dev: device is busy Sun Feb 7 22:57:38 2010: Checking minimum space in /tmp...done. Sun Feb 7 22:57:38 2010: Setting up networking.... Sun Feb 7 22:57:38 2010: Configuring network interfaces...done. Sun Feb 7 22:57:39 2010: /etc/rcS.d/S55bootmisc.sh: line 50: savelog: command not found Sun Feb 7 22:57:39 2010: rm: cannot remove `/tmp/.clean': Read-only file system Sun Feb 7 22:57:39 2010: Initializing random number generator.../etc/rcS.d/S55urandom: line 31: find: command not found Sun Feb 7 22:57:39 2010: /etc/rcS.d/S55urandom: line 32: [: : integer expression expected Sun Feb 7 22:57:39 2010: done. Sun Feb 7 22:57:39 2010: /etc/rcS.d/S70screen-cleanup: line 27: find: command not found Sun Feb 7 22:57:39 2010: /etc/rcS.d/S70screen-cleanup: line 27: xargs: command not found Sun Feb 7 22:57:39 2010: INIT: Entering runlevel: 2 Sun Feb 7 22:57:39 2010: Running local boot scripts (/etc/rc.local). Sun Feb 7 22:57:40 2010: -- end /var/log/boot Though I am not abled to reproduce the error in a test environment, I suggest to remove the "umount -a" because it is redundant in most cases and fatal on maybe some more machines. After removing it the relabeling worked fine. -- /var/log/boot (relevant part) Sat Feb 13 14:29:16 2010: Checking SELinux contexts: selinux-basics Sat Feb 13 14:29:16 2010: Relabeling your filesystems for SELinux......Cleaning out /tmp Sat Feb 13 14:29:17 2010: ***************** Sat Feb 13 14:29:30 2010: Relabeled, now reboot Sat Feb 13 14:29:31 2010: INIT: Switching to runlevel: 6 -- end /var/log/boot
diff -urN a/etc/init.d/selinux-basics b/etc/init.d/selinux-basics --- a/etc/init.d/selinux-basics 2010-02-13 14:52:39.000000000 +0100 +++ b/etc/init.d/selinux-basics 2010-02-13 14:53:02.000000000 +0100 @@ -61,7 +61,6 @@ # re-enable SELinux if enabled before if [ ! -f /.autorelabel ]; then echo "Relabeled, now reboot" - umount -a || true sync reboot fi
