Bug#626725: Bug#626720: SELinux refpolicy, initscripts and /run
On Thu, Jun 09, 2011 at 09:32:44AM +1000, Russell Coker wrote: > Sorry for the delay. Yes please make it break the old version of policy. I > hope to upload a fix on Sunday. Just to let you know, sysvinit/initscripts will migrate to testing tomorrow. But they will be uninstallable on systems without the updated refpolicy, so it would be desirable to have an updated refpolicy ASAP. Thanks, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `-GPG Public Key: 0x25BFB848 Please GPG sign your mail. signature.asc Description: Digital signature
Bug#626720: [Pkg-sysvinit-devel] Bug#626725: Bug#626720: SELinux refpolicy, initscripts and /run
On Thu, Jun 09, 2011 at 04:04:14PM -0300, Henrique de Moraes Holschuh wrote: > On Thu, 09 Jun 2011, Roger Leigh wrote: > > +Breaks: selinux-policy-default (<< 2:0.2.20100524-9) > ... > > + * initscripts Breaks all selinux-policy-default versions up to and > > +including 2:0.2.20100524-9, which do not support /run. > > > "<<" means STRICTLY LESS THAN for dpkg. If you need to ALSO break > 2:0.2.20100524-9, as you wrote in the changelog, you should have used > "<=". The attached patch corrects the versioning. Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `-GPG Public Key: 0x25BFB848 Please GPG sign your mail. diff -urN sysvinit-2.88dsf.original/debian/changelog sysvinit-2.88dsf/debian/changelog --- sysvinit-2.88dsf.original/debian/changelog 2011-06-09 20:30:07.118557385 +0100 +++ sysvinit-2.88dsf/debian/changelog 2011-06-09 20:32:31.344334823 +0100 @@ -1,3 +1,11 @@ +sysvinit (2.88dsf-13.10) unstable; urgency=low + + * Non-maintainer upload. + * Correct selinux-policy-default Breaks versioning (use <= rather +than <<). + + -- Roger Leigh Thu, 09 Jun 2011 20:31:00 +0100 + sysvinit (2.88dsf-13.9) unstable; urgency=low * Non-maintainer upload. diff -urN sysvinit-2.88dsf.original/debian/control sysvinit-2.88dsf/debian/control --- sysvinit-2.88dsf.original/debian/control 2011-06-09 20:30:07.118557385 +0100 +++ sysvinit-2.88dsf/debian/control 2011-06-09 20:30:57.351176252 +0100 @@ -55,7 +55,7 @@ Recommends: psmisc, e2fsprogs Conflicts: libdevmapper1.02.1 (<< 2:1.02.24-1) Replaces: libc6, libc6.1, libc0.1, libc0.3 -Breaks: selinux-policy-default (<< 2:0.2.20100524-9) +Breaks: selinux-policy-default (<= 2:0.2.20100524-9) Description: scripts for initializing and shutting down the system The scripts in this package initialize a standard Debian system at boot time and shut it down at halt or reboot time. signature.asc Description: Digital signature
Bug#626720: [Pkg-sysvinit-devel] Bug#626725: Bug#626720: SELinux refpolicy, initscripts and /run
On Thu, Jun 09, 2011 at 04:04:14PM -0300, Henrique de Moraes Holschuh wrote: > On Thu, 09 Jun 2011, Roger Leigh wrote: > > +Breaks: selinux-policy-default (<< 2:0.2.20100524-9) > ... > > + * initscripts Breaks all selinux-policy-default versions up to and > > +including 2:0.2.20100524-9, which do not support /run. > > > "<<" means STRICTLY LESS THAN for dpkg. If you need to ALSO break > 2:0.2.20100524-9, as you wrote in the changelog, you should have used > "<=". Thanks for spotting that, can't believe I didn't see it. I'll make a new upload using (<= 2:0.2.20100524-9). Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `-GPG Public Key: 0x25BFB848 Please GPG sign your mail. signature.asc Description: Digital signature
Bug#626720: [Pkg-sysvinit-devel] Bug#626725: Bug#626720: SELinux refpolicy, initscripts and /run
On Thu, 09 Jun 2011, Roger Leigh wrote: > +Breaks: selinux-policy-default (<< 2:0.2.20100524-9) ... > + * initscripts Breaks all selinux-policy-default versions up to and > +including 2:0.2.20100524-9, which do not support /run. "<<" means STRICTLY LESS THAN for dpkg. If you need to ALSO break 2:0.2.20100524-9, as you wrote in the changelog, you should have used "<=". -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#626720: SELinux refpolicy, initscripts and /run
On Thu, Jun 09, 2011 at 09:20:50PM +1000, Russell Coker wrote: > Looks fine to me if the breaks line does what the changelog says it does. Great, thanks. This is now uploaded to unstable. -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `-GPG Public Key: 0x25BFB848 Please GPG sign your mail. signature.asc Description: Digital signature
Bug#626720: SELinux refpolicy, initscripts and /run
Looks fine to me if the breaks line does what the changelog says it does. -- My bloghttp://etbe.coker.com.au Sent from an Xperia X10 Android phone -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#626720: SELinux refpolicy, initscripts and /run
On Thu, Jun 09, 2011 at 09:32:44AM +1000, Russell Coker wrote: > Sorry for the delay. Yes please make it break the old version of policy. I > hope to upload a fix on Sunday. That would be super, thanks. I'm planning to upload initscripts with this patch. Is this Breaks: version OK with you? Thanks, Roger Index: debian/control === --- debian/control (revision 1964) +++ debian/control (working copy) @@ -55,6 +55,7 @@ Recommends: psmisc, e2fsprogs Conflicts: libdevmapper1.02.1 (<< 2:1.02.24-1) Replaces: libc6, libc6.1, libc0.1, libc0.3 +Breaks: selinux-policy-default (<< 2:0.2.20100524-9) Description: scripts for initializing and shutting down the system The scripts in this package initialize a standard Debian system at boot time and shut it down at halt or reboot time. Index: debian/src/initscripts/etc/init.d/mountkernfs.sh === --- debian/src/initscripts/etc/init.d/mountkernfs.sh(revision 1964) +++ debian/src/initscripts/etc/init.d/mountkernfs.sh(working copy) @@ -40,6 +40,7 @@ fi # TODO: Add -onodev once checkroot no longer creates a device node. domount "$MNTMODE" tmpfs shmfs /run tmpfs "-onosuid$RUNEXEC$RUN_OPT" + [ -x /sbin/restorecon ] && /sbin/restorecon -r /run [ -f /run/.ramfs ] || touch /run/.ramfs # Make lock directory as the replacement for /var/lock Index: debian/changelog === --- debian/changelog(revision 1964) +++ debian/changelog(working copy) @@ -1,3 +1,13 @@ +sysvinit (2.88dsf-13.8) unstable; urgency=low + + * Non-maintainer upload. + * initscripts Breaks all selinux-policy-default versions up to and +including 2:0.2.20100524-9, which do not support /run. + * Add restorecon support for selinux to /run in mountkernfs. +(Closes: #628107). Thanks to Martin Orr for this patch. + + -- Roger Leigh Thu, 09 Jun 2011 11:14:59 +0100 + sysvinit (2.88dsf-13.7) unstable; urgency=low [ Roger Leigh ] -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `-GPG Public Key: 0x25BFB848 Please GPG sign your mail. signature.asc Description: Digital signature
Bug#626720: SELinux refpolicy, initscripts and /run
Sorry for the delay. Yes please make it break the old version of policy. I hope to upload a fix on Sunday. -- My bloghttp://etbe.coker.com.au Sent from an Xperia X10 Android phone -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#626720: SELinux refpolicy, initscripts and /run
On Thu, May 26, 2011 at 03:57:45PM +0100, Roger Leigh wrote: > On Mon, May 16, 2011 at 07:18:39PM +0100, Roger Leigh wrote: > > As discussed in #626725 I can upload with the SELinux changes > > and a Breaks: selinux-policy-default to ensure SELinux users > > won't upgrade to the new initscripts, and we can replace that > > with a Breaks: selinux-policy-default (<< $FIXEDVERSION) once > > #626720 is fixed. > > I have uploaded a new initscripts with the patch applied. > I will upload a new version with the Breaks once refpolicy > has been updated. > > Do we have any estimation for how long it will take to get a > fixed version of refpolicy in unstable? Sorry to pester, but there hasn't been a response to the bug since it was filed, and it's now blocking both initscripts and base-files, neither of which can migrate to testing until this is fixed. Is the patch as proposed correct? If you don't have time to upload, would an NMU be possible here? [Not being an SELinux expert, I can't verify the correctness of the patch myself.] Many thanks, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `-GPG Public Key: 0x25BFB848 Please GPG sign your mail. signature.asc Description: Digital signature
Bug#626720: SELinux refpolicy, initscripts and /run
On Mon, May 16, 2011 at 07:18:39PM +0100, Roger Leigh wrote: > As discussed in #626725 I can upload with the SELinux changes > and a Breaks: selinux-policy-default to ensure SELinux users > won't upgrade to the new initscripts, and we can replace that > with a Breaks: selinux-policy-default (<< $FIXEDVERSION) once > #626720 is fixed. I have uploaded a new initscripts with the patch applied. I will upload a new version with the Breaks once refpolicy has been updated. Do we have any estimation for how long it will take to get a fixed version of refpolicy in unstable? Thanks, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `-GPG Public Key: 0x25BFB848 Please GPG sign your mail. signature.asc Description: Digital signature