Package: rpcbind
Version: 0.2.0-7
Severity: normal
Tags: patch

Hi,

The fix for #620800 works around startup warnings by touching the state files
before starting rpcbind. This approach does not agree with SELinux, because
files created outside the daemon do not receive the correct security label.

Multiple solutions exist, like defining a new security domain for the init
script (overkill) or manually calling chcon/restorecon (which hardcodes policy
in the script). But in this case, the simplest solution is to simply not pass
-w unless we know the warm start is actually viable.

Patch attached. Even without -w, rpcbind will still save its state on exit.


Regards,
Arno Schuring

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (900, 'stable'), (300, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rpcbind depends on:
ii  initscripts  2.88dsf-18
ii  insserv      1.14.0-2.2
ii  libc6        2.13-24
ii  libtirpc1    0.2.2-5
ii  libwrap0     7.6.q-22
ii  lsb-base     3.2-28

rpcbind recommends no packages.

rpcbind suggests no packages.

-- no debconf information
--- /etc/init.d/rpcbind	2011-12-10 01:35:16.000000000 +0100
+++ rpcbind	2012-02-02 14:33:40.220222598 +0100
@@ -20,7 +20,7 @@
 
 . /lib/lsb/init-functions
 
-OPTIONS="-w"
+OPTIONS=
 STATEDIR=/run/rpcbind
 PIDFILE=/run/rpcbind.pid
 
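Review bot: nothing beside the new empty OPTIONS= records why -w is no longer the default. A one-line comment above it, saying that -w is added at start time only when $STATEDIR/rpcbind.xdr exists, would keep a later edit from restoring OPTIONS="-w" and with it the need for the touch workaround.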
@@ -42,13 +42,9 @@
         log_end_msg 1
         exit 1
     fi
-    if [ ! -f $STATEDIR/rpcbind.xdr ]
+    if [ -f $STATEDIR/rpcbind.xdr ]
     then
-        touch $STATEDIR/rpcbind.xdr
-    fi
-    if [ ! -f $STATEDIR/portmap.xdr ]
-    then
-        touch $STATEDIR/portmap.xdr
+        WARMSTART=-w
     fi
     log_begin_msg "Starting rpcbind daemon..."
     pid=$( pidofproc /sbin/rpcbind )
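Review bot: the new test in this hunk checks only $STATEDIR/rpcbind.xdr, while the removed lines handled portmap.xdr as well, so -w is still passed when rpcbind.xdr exists but portmap.xdr does not. Test both files before setting WARMSTART=-w, and consider -s instead of -f so that zero-length files left behind by the old touch calls do not count as usable state. WARMSTART is also never initialised in the lines shown, so a value inherited from the caller's environment would end up on the daemon's command line; put WARMSTART= before the if. Quoting "$STATEDIR/rpcbind.xdr" inside the test would match the quoting used elsewhere in the script.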
@@ -58,7 +54,7 @@
         log_end_msg 0
         exit 0
     fi
-    start-stop-daemon --start --quiet --oknodo --exec /sbin/rpcbind -- "$@"
+    start-stop-daemon --start --quiet --oknodo --exec /sbin/rpcbind -- "$WARMSTART" "$@"
     pid=$( pidofproc /sbin/rpcbind )
     echo -n "$pid" >"$PIDFILE"
     # /run/sendsigs.omit.d is created by /etc/init.d/mountkernfs.sh
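Review bot: on the start-stop-daemon line, the quoted "$WARMSTART" expands to an empty-string argument whenever no state file was found, so rpcbind is started with a literal "" ahead of "$@" instead of with no extra argument. Use ${WARMSTART:+"$WARMSTART"}, or leave $WARMSTART unquoted since its only possible value is -w, so that it disappears from the command line when unset.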
