Package: rpcbind Version: 0.2.0-7 Severity: normal Tags: patch Hi,
The fix for #620800 works around startup warnings by touching the state files before starting rpcbind. This approach does not agree with SELinux, because files created outside the daemon do not receive the correct security label. Multiple solutions exist, like defining a new security domain for the init script (overkill) or manually calling chcon/restorecon (which hardcodes policy in the script). But in this case, the simplest solution is to simply not pass -w unless we know the warm start is actually viable. Patch attached. Even without -w, rpcbind will still save its state on exit. Regards, Arno Schuring -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (900, 'stable'), (300, 'unstable'), (200, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.1.0-1-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages rpcbind depends on: ii initscripts 2.88dsf-18 ii insserv 1.14.0-2.2 ii libc6 2.13-24 ii libtirpc1 0.2.2-5 ii libwrap0 7.6.q-22 ii lsb-base 3.2-28 rpcbind recommends no packages. rpcbind suggests no packages. -- no debconf information
--- /etc/init.d/rpcbind 2011-12-10 01:35:16.000000000 +0100 +++ rpcbind 2012-02-02 14:33:40.220222598 +0100 @@ -20,7 +20,7 @@ . /lib/lsb/init-functions -OPTIONS="-w" +OPTIONS= STATEDIR=/run/rpcbind PIDFILE=/run/rpcbind.pid @@ -42,13 +42,9 @@ log_end_msg 1 exit 1 fi - if [ ! -f $STATEDIR/rpcbind.xdr ] + if [ -f $STATEDIR/rpcbind.xdr ] then - touch $STATEDIR/rpcbind.xdr - fi - if [ ! -f $STATEDIR/portmap.xdr ] - then - touch $STATEDIR/portmap.xdr + WARMSTART=-w fi log_begin_msg "Starting rpcbind daemon..." pid=$( pidofproc /sbin/rpcbind ) @@ -58,7 +54,7 @@ log_end_msg 0 exit 0 fi - start-stop-daemon --start --quiet --oknodo --exec /sbin/rpcbind -- "$@" + start-stop-daemon --start --quiet --oknodo --exec /sbin/rpcbind -- "$WARMSTART" "$@" pid=$( pidofproc /sbin/rpcbind ) echo -n "$pid" >"$PIDFILE" # /run/sendsigs.omit.d is created by /etc/init.d/mountkernfs.sh