On Mon, May 16, 2011 at 08:44:48PM +1000, Kel Modderman wrote: > On Sun, 15 May 2011 08:46:38 PM Roger Leigh wrote: > > I've attached a new patch. Note one (-deb) is a debdiff against > > the version in unstable. The other is against SVN. I've gzipped > > them to ensure saving the attachments won't result in encoding > > issues to correct the encoding issue. > > Thanks very much for it. It was applied.
Additional patch attached which follows the previous. This fixes up chroot detection on kfreebsd using new ischroot program in debianutils, and also fixes SELinux support. Note that the selinux patch requires an updates refpolicy so that we can Breaks: refpolicy (<< $newver), but this isn't available yet, so will need fixing in a future upload. I've included the changes here so that selinux users will get a working system as soon as refpoicy is updated, and we can add the Breaks after this is done. Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
Index: debian/control
===================================================================
--- debian/control (revision 1963)
+++ debian/control (working copy)
@@ -51,7 +51,7 @@
Package: initscripts
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, ${mount:Depends}, debianutils (>= 2.13.1), lsb-base (>= 3.2-14), sysvinit-utils (>= 2.86.ds1-64), sysv-rc | file-rc, coreutils (>= 5.93)
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${mount:Depends}, debianutils (>= 4), lsb-base (>= 3.2-14), sysvinit-utils (>= 2.86.ds1-64), sysv-rc | file-rc, coreutils (>= 5.93)
Recommends: psmisc, e2fsprogs
Conflicts: libdevmapper1.02.1 (<< 2:1.02.24-1)
Replaces: libc6, libc6.1, libc0.1, libc0.3
Index: debian/src/initscripts/lib/init/mount-functions.sh
===================================================================
--- debian/src/initscripts/lib/init/mount-functions.sh (revision 1963)
+++ debian/src/initscripts/lib/init/mount-functions.sh (working copy)
@@ -294,6 +294,7 @@
if [ -L "$OLD" ] && [ "$(readlink "$OLD")" != "$RUN" ]; then
rm -f "$OLD"
ln -fs "$RUN" "$OLD"
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$OLD"
fi
# If both directories are the same, we don't need to do
@@ -327,6 +328,7 @@
else
rm -f "$OLD"
ln -fs "$RUN" "$OLD"
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$OLD"
fi
fi
Index: debian/src/initscripts/etc/init.d/mountkernfs.sh
===================================================================
--- debian/src/initscripts/etc/init.d/mountkernfs.sh (revision 1963)
+++ debian/src/initscripts/etc/init.d/mountkernfs.sh (working copy)
@@ -44,6 +44,7 @@
# Make lock directory as the replacement for /var/lock
[ -d /run/lock ] || mkdir --mode=755 /run/lock
+ [ -x /sbin/restorecon ] && /sbin/restorecon /run/lock
# Mount /run/lock as tmpfs if enabled. This prevents user DoS
# of /run by filling /run/lock at the expense of using an
@@ -60,6 +61,7 @@
if [ -L /tmp ] && [ ! -d /tmp ]; then
TMPPATH="$(readlink /tmp)"
mkdir -p --mode=755 "$TMPPATH"
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$TMPPATH"
fi
# If root is read only, default to mounting a tmpfs on /tmp,
Index: debian/initscripts.postinst
===================================================================
--- debian/initscripts.postinst (revision 1963)
+++ debian/initscripts.postinst (working copy)
@@ -20,38 +20,6 @@
umask 022
-guest_environment() {
- case "$(uname -s)" in
- GNU)
- if [ "$(stat -c %d /)" = 3 ]
- then
- # /'s pid is 3, this is the real root.
- return 1
- fi
- ;;
- *)
- if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ];
- then
- # the devicenumber/inode pair of / is
- # the same as that of /sbin/init's
- # root, so we're *not* in a chroot and
- # hence return false.
- return 1
- fi
- if [ -e /proc/self/vinfo ]; then
- # If XID: 0 is found, we're a vserver
- # host, *not* a guest, hence return
- # false
- if grep '^XID:[[:space:]]*0$' /proc/self/vinfo 2>&1 >/dev/null; then
- return 1
- fi
- fi
- ;;
- esac
-
- return 0
-}
-
# If the device/inode are the same, a bind mount already exists or the
# transition is complete, so set up is not required. Otherwise bind
# mount $SRC on $DEST.
@@ -76,6 +44,7 @@
# Bind mount $SRC on $DEST
if [ -n "$ssrc" ] && [ "$ssrc" != "$sdest" ]; then
[ -d "$DEST" ] || mkdir "$DEST"
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$DEST"
if mount -t $FSTYPE "$SRC" "$DEST" $OPTS ; then
return 0
fi
@@ -111,6 +80,7 @@
echo "Can't symlink $DEST to $SRC; please fix manually."
return 1
}
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$DEST"
fi
return 0
@@ -255,7 +225,7 @@
# sysadmin should, if they care, move the old locations to the new
# locations and create compatibilty symlinks at their convenience
# following the upgrade.
-if guest_environment; then
+if ischroot; then
# Symlink /var/run from /run
# Note var/run is relative
if compat_link /var/run /run; then
Index: debian/changelog
===================================================================
--- debian/changelog (revision 1963)
+++ debian/changelog (working copy)
@@ -10,8 +10,14 @@
already bind mounted on the chroot /run, which would remove the
contents of the host /run if upgrading initscripts in the chroot.
* Restore rpcbind/portmap changes from 2.88dsf-13.5.
+ * Add restorecon support for selinux using new paths. (Closes: #626725)
+ Thanks to Martin Orr for this patch.
+ * Use new debianutils "ischroot" program to detect if in a chroot in
+ the initscripts postinst more reliably. Depend on initscripts
+ version 4 or greater to ensure ischroot is available.
+ (Closes: #626846)
- -- Roger Leigh <[email protected]> Sun, 15 May 2011 10:01:37 +0100
+ -- Roger Leigh <[email protected]> Wed, 18 May 2011 23:12:30 +0100
sysvinit (2.88dsf-13.6) unstable; urgency=low
signature.asc
Description: Digital signature
_______________________________________________ Pkg-sysvinit-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/pkg-sysvinit-devel
