Your message dated Sat, 13 Mar 2021 13:16:41 +0000
with message-id <[email protected]>
and subject line unblock policycoreutils
has caused the Debian Bug report #984642,
regarding unblock: policycoreutils/3.1-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
984642: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984642
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package policycoreutils
(Please provide enough (but not too much) information to help
the release team to judge the request efficiently. E.g. by
filling in the sections below.)
[ Reason ]
This version fixes bug #983447 which is grave and risks kicking the package
out of Bullseye. It also closes bug #922448 and avoids trying to relabel
non-persistent filesystems on reboot.
[ Impact ]
All SE Linux packages get removed from Debian I guess, catastrophic for all
SE Linux users in Debian.
[ Tests ]
Manual test is to create an empty file /.autorelabel and reboot the system
and verify that it causes a relabel, then create a file /.autorelabel with
the contents "-F" and verify that it works.
[ Risks ]
The changed code is pretty simple, and in day to day usage it isn't even
used. It's only used for corner cases of an initial installation.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
(Anything else the release team should know.)
unblock policycoreutils/3.1-3
Here is the debdiff:
diff -Nru policycoreutils-3.1/debian/changelog
policycoreutils-3.1/debian/changelog
--- policycoreutils-3.1/debian/changelog 2021-02-11 02:46:48.000000000
+1100
+++ policycoreutils-3.1/debian/changelog 2021-03-05 20:45:24.000000000
+1100
@@ -1,3 +1,16 @@
+policycoreutils (3.1-3) unstable; urgency=medium
+
+ * Remove needless quotes around $FORCE variable in
+ /lib/systemd/selinux-autorelabel to avoid shell error on empty file
+ Closes: #983447
+ * Add check for noautorelabel command line option to prevent relabeling
+ Closes: #922448
+ * Make fixfiles avoid trying to relabel tmpfs and other non-permanent
+ filesystems
+ Closes: #984567
+
+ -- Russell Coker <[email protected]> Fri, 05 Mar 2021 20:45:24 +1100
+
policycoreutils (3.1-2) unstable; urgency=medium
[ Laurent Bigonville ]
diff -Nru policycoreutils-3.1/debian/local/selinux-autorelabel
policycoreutils-3.1/debian/local/selinux-autorelabel
--- policycoreutils-3.1/debian/local/selinux-autorelabel 2021-02-11
02:46:48.000000000 +1100
+++ policycoreutils-3.1/debian/local/selinux-autorelabel 2021-03-05
20:32:47.000000000 +1100
@@ -29,7 +29,7 @@
FORCE=$(cat /.autorelabel)
[ -x "/sbin/quotaoff" ] && /sbin/quotaoff -aug
- /sbin/fixfiles "$FORCE" restore
+ /sbin/fixfiles $FORCE restore
fi
rm -f /.autorelabel
[ -x /usr/lib/dracut/dracut-initramfs-restore ] &&
/usr/lib/dracut/dracut-initramfs-restore
diff -Nru policycoreutils-3.1/debian/local/selinux-autorelabel-generator.sh
policycoreutils-3.1/debian/local/selinux-autorelabel-generator.sh
--- policycoreutils-3.1/debian/local/selinux-autorelabel-generator.sh
2021-02-11 02:46:48.000000000 +1100
+++ policycoreutils-3.1/debian/local/selinux-autorelabel-generator.sh
2021-03-05 20:05:29.000000000 +1100
@@ -21,6 +21,9 @@
}
if selinuxenabled; then
+ if grep -sqE "\bnoautorelabel\b" /proc/cmdline; then
+ exit 0
+ fi
if test -f /.autorelabel; then
set_target
elif grep -sqE "\bautorelabel\b" /proc/cmdline; then
diff -Nru policycoreutils-3.1/debian/patches/fixfiles-remove-extras
policycoreutils-3.1/debian/patches/fixfiles-remove-extras
--- policycoreutils-3.1/debian/patches/fixfiles-remove-extras 1970-01-01
10:00:00.000000000 +1000
+++ policycoreutils-3.1/debian/patches/fixfiles-remove-extras 2021-03-05
20:37:08.000000000 +1100
@@ -0,0 +1,13 @@
+Index: policycoreutils-3.1/scripts/fixfiles
+===================================================================
+--- policycoreutils-3.1.orig/scripts/fixfiles
++++ policycoreutils-3.1/scripts/fixfiles
+@@ -45,7 +45,7 @@ FS="`cat /proc/self/mounts | sort | uniq
+ for i in $FS; do
+ if [ `useseclabel` -ge 0 ]
+ then
+- grep " $i " /proc/self/mounts | awk '{print $4}' | egrep
--silent '(^|,)seclabel(,|$)' && echo $i
++ grep " $i " /proc/self/mounts | egrep -v "(tmpfs)|(
/sys)|(^devpts)|(^hugetlbfs)|(^mqueue)" | awk '{print $4}' | egrep --silent
'(^|,)seclabel(,|$)' && echo $i
+ else
+ grep " $i " /proc/self/mounts | grep -v "context=" | egrep
--silent '(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs )' && echo $i
+ fi
diff -Nru policycoreutils-3.1/debian/patches/series
policycoreutils-3.1/debian/patches/series
--- policycoreutils-3.1/debian/patches/series 2021-02-11 02:46:48.000000000
+1100
+++ policycoreutils-3.1/debian/patches/series 2021-03-05 20:33:22.000000000
+1100
@@ -1 +1,2 @@
fixfiles-correctly-restore-context-of-mountpoints.patch
+fixfiles-remove-extras
--- End Message ---
--- Begin Message ---
Unblocked policycoreutils.
--- End Message ---
