Your message dated Fri, 20 May 2011 17:16:13 +0000
with message-id <[email protected]>
and subject line Bug#626725: fixed in sysvinit 2.88dsf-13.7
has caused the Debian Bug report #626725,
regarding initscripts: Needs to set SELinux labels for /run
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
626725: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626725
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: initscripts
Version: 2.88dsf-13.5
Severity: important
Tags: patch
Directories and symlinks created as part of the /run transition are not
labelled for SELinux. The effect is that most services fail to start on
boot after transitioning to /run.
You need to run restorecon after creating a directory or symbolic link
in an init script or maintainer script. Attached patch does this.
/run with SELinux also requires the refpolicy patch I have submitted in
#626720. Once that is fixed, initscripts should probably have
Breaks: selinux-policy-default (<< $FIXEDVERSION)
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38.2 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages initscripts depends on:
ii coreutils 8.5-1 GNU core utilities
ii debianutils 3.4.5 Miscellaneous utilities specific t
ii libc6 2.11.2-13 Embedded GNU C Library: Shared lib
ii lsb-base 3.2-27 Linux Standard Base 3.2 init scrip
ii mount 2.17.2-9.1 Tools for mounting and manipulatin
ii sysv-rc 2.88dsf-13.5 System-V-like runlevel change mech
ii sysvinit-utils 2.88dsf-13.5 System-V-like utilities
Versions of packages initscripts recommends:
ii e2fsprogs 1.41.12-4 ext2/ext3/ext4 file system utiliti
ii psmisc 22.13-1 utilities that use the proc file s
initscripts suggests no packages.
-- no debconf information
diff -Nbaru sysvinit-2.88dsf-13.6/debian/initscripts.postinst sysvinit-2.88dsf-13.6+orr/debian/initscripts.postinst
--- sysvinit-2.88dsf-13.6/debian/initscripts.postinst 2011-05-14 17:12:43.312000975 +0100
+++ sysvinit-2.88dsf-13.6+orr/debian/initscripts.postinst 2011-05-14 11:23:36.380000446 +0100
@@ -76,6 +76,7 @@
# Bind mount $SRC on $DEST
if [ -n "$ssrc" ] && [ "$ssrc" != "$sdest" ]; then
[ -d "$DEST" ] || mkdir "$DEST"
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$DEST"
if mount -t $FSTYPE "$SRC" "$DEST" $OPTS ; then
return 0
fi
@@ -97,6 +98,7 @@
( rm -fr $DEST &&
ln -fs $SRC $DEST) ||
{ echo "Can't symlink $DEST to $SRC; please fix manually."; return 1; }
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$DEST"
fi
return 0
diff -Nbaru sysvinit-2.88dsf-13.6/debian/src/initscripts/etc/init.d/mountkernfs.sh sysvinit-2.88dsf-13.6+orr/debian/src/initscripts/etc/init.d/mountkernfs.sh
--- sysvinit-2.88dsf-13.6/debian/src/initscripts/etc/init.d/mountkernfs.sh 2011-05-14 17:12:43.368000975 +0100
+++ sysvinit-2.88dsf-13.6+orr/debian/src/initscripts/etc/init.d/mountkernfs.sh 2011-05-14 11:02:38.412000126 +0100
@@ -44,6 +44,7 @@
# Make lock directory as the replacement for /var/lock
[ -d /run/lock ] || mkdir --mode=755 /run/lock
+ [ -x /sbin/restorecon ] && /sbin/restorecon /run/lock
# Mount /run/lock as tmpfs if enabled. This prevents user DoS
# of /run by filling /run/lock at the expense of using an
@@ -60,6 +61,7 @@
if [ -L /tmp ] && [ ! -d /tmp ]; then
TMPPATH="$(readlink /tmp)"
mkdir -p --mode=755 "$TMPPATH"
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$TMPPATH"
fi
# If root is read only, default to mounting a tmpfs on /tmp,
diff -Nbaru sysvinit-2.88dsf-13.6/debian/src/initscripts/lib/init/mount-functions.sh sysvinit-2.88dsf-13.6+orr/debian/src/initscripts/lib/init/mount-functions.sh
--- sysvinit-2.88dsf-13.6/debian/src/initscripts/lib/init/mount-functions.sh 2011-05-14 17:12:43.380000975 +0100
+++ sysvinit-2.88dsf-13.6+orr/debian/src/initscripts/lib/init/mount-functions.sh 2011-05-14 11:03:18.212000131 +0100
@@ -294,6 +294,7 @@
if [ -L "$OLD" ] && [ "$(readlink "$OLD")" != "$RUN" ]; then
rm -f "$OLD"
ln -fs "$RUN" "$OLD"
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$OLD"
fi
# If both directories are the same, we don't need to do
@@ -327,6 +328,7 @@
else
rm -f "$OLD"
ln -fs "$RUN" "$OLD"
+ [ -x /sbin/restorecon ] && /sbin/restorecon "$OLD"
fi
fi
--- End Message ---
--- Begin Message ---
Source: sysvinit
Source-Version: 2.88dsf-13.7
We believe that the bug you reported is fixed in the latest version of
sysvinit, which is due to be installed in the Debian FTP archive:
initscripts_2.88dsf-13.7_amd64.deb
to main/s/sysvinit/initscripts_2.88dsf-13.7_amd64.deb
sysv-rc_2.88dsf-13.7_all.deb
to main/s/sysvinit/sysv-rc_2.88dsf-13.7_all.deb
sysvinit-utils_2.88dsf-13.7_amd64.deb
to main/s/sysvinit/sysvinit-utils_2.88dsf-13.7_amd64.deb
sysvinit_2.88dsf-13.7.diff.gz
to main/s/sysvinit/sysvinit_2.88dsf-13.7.diff.gz
sysvinit_2.88dsf-13.7.dsc
to main/s/sysvinit/sysvinit_2.88dsf-13.7.dsc
sysvinit_2.88dsf-13.7_amd64.deb
to main/s/sysvinit/sysvinit_2.88dsf-13.7_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Roger Leigh <[email protected]> (supplier of updated sysvinit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Format: 1.8
Date: Wed, 18 May 2011 23:12:30 +0100
Source: sysvinit
Binary: sysvinit sysvinit-utils sysv-rc initscripts
Architecture: source amd64 all
Version: 2.88dsf-13.7
Distribution: unstable
Urgency: low
Maintainer: Debian sysvinit maintainers
<[email protected]>
Changed-By: Roger Leigh <[email protected]>
Description:
initscripts - scripts for initializing and shutting down the system
sysv-rc - System-V-like runlevel change mechanism
sysvinit - System-V-like init utilities
sysvinit-utils - System-V-like utilities
Closes: 626725 626846
Changes:
sysvinit (2.88dsf-13.7) unstable; urgency=low
.
[ Roger Leigh ]
* Non-maintainer upload.
* Correct version check used for reboot notification in initscripts
postinst.
* Don't use "rm -rf" when creating compatibility links in chroots;
use plain rmdir and abort with an error if it fails. This is in
order to avoid removing host data if e.g. /run from the host is
already bind mounted on the chroot /run, which would remove the
contents of the host /run if upgrading initscripts in the chroot.
* Restore rpcbind/portmap changes from 2.88dsf-13.5.
* Add restorecon support for selinux using new paths. (Closes: #626725)
Thanks to Martin Orr for this patch.
* Use new debianutils "ischroot" program to detect if in a chroot in
the initscripts postinst more reliably. Depend on initscripts
version 4 or greater to ensure ischroot is available.
(Closes: #626846)
Checksums-Sha1:
97a7eb6e52dd991646cab0dbc3dd8ed0d0dbf2a4 1532 sysvinit_2.88dsf-13.7.dsc
29e6514ded21e1c8fb49b81e371e7b76fd0d8b70 175623 sysvinit_2.88dsf-13.7.diff.gz
7ccc378eb1df70244aed9d40a712744ce710be29 122800 sysvinit_2.88dsf-13.7_amd64.deb
ccbe2d9a146a6304cf303dea09f33bf390beb13c 124874
sysvinit-utils_2.88dsf-13.7_amd64.deb
8236fb043cf777852f89abd8d14c216f1800cbd8 77448
initscripts_2.88dsf-13.7_amd64.deb
cd71181f5840bf2c81fe248de7d9cfea1b954cbc 77088 sysv-rc_2.88dsf-13.7_all.deb
Checksums-Sha256:
44c55a184a549eb6ba52ae9c65de9e724b3d88448f037fc3cd3bd04cb45f0422 1532
sysvinit_2.88dsf-13.7.dsc
c7db864190076e4cf7c3a7deb30ec1a0060b31255aeaa1f61de99a6ec0d6ad25 175623
sysvinit_2.88dsf-13.7.diff.gz
106750777f8c6b6308fd65324eb32db8a76dd3270f5aef14b6698647aa352f11 122800
sysvinit_2.88dsf-13.7_amd64.deb
f4e97d6beb8a6853c3e9de9c974584c1e53127c70f1a0426a103d2995d5ff9e9 124874
sysvinit-utils_2.88dsf-13.7_amd64.deb
4c50ae63dc6109adaf5ec060e64befc0b4e0d1e93015f7d2bcc1a90ab1466706 77448
initscripts_2.88dsf-13.7_amd64.deb
b48a7337a509b7f16d491d31368d6e66e40b3ceb541d4aa2e24c75526c527bf7 77088
sysv-rc_2.88dsf-13.7_all.deb
Files:
cd5d46836a528d002912dfec2f84407d 1532 admin required sysvinit_2.88dsf-13.7.dsc
f50276c3b7cd0f4117971c96b2ec6b3e 175623 admin required
sysvinit_2.88dsf-13.7.diff.gz
6f76048f50160aa5a8437f3ce228d7e8 122800 admin required
sysvinit_2.88dsf-13.7_amd64.deb
61288ab428fa4ede5a1ea8c4edec6f02 124874 admin required
sysvinit-utils_2.88dsf-13.7_amd64.deb
c8687d71146a392fb20e2145eb1114c6 77448 admin required
initscripts_2.88dsf-13.7_amd64.deb
f3b4b5eb68ec75ac0aded541a8f06166 77088 admin required
sysv-rc_2.88dsf-13.7_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEAREDAAYFAk3WX1EACgkQVcFcaSW/uEg1bACeKRQk+eqWbHhyc0W/da0uljHE
H2gAnRtul7Z0YRvpwae8EP78HbDLluxG
=pfXa
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Pkg-sysvinit-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-sysvinit-devel
