Package: plymouth
Version: 22.02.122-3
Severity: normal
Tags: patch
The cp -a command preserves timestamps, permissions, ownership, and all
attributes. An initramfs doesn't need ownership (/etc/passwd doesn't
match and everything runs as root), and doesn't really need permissions
except in the case of executables. It also can't have SE Linux contexts
as the policy isn't loaded into the kernel.
The current version of plymouth uses cp -a to copy fonts etc which tries
to preserve their SE Linux contexts. Generally we don't want the process
that makes an initramfs to have the ability to write to things outside of
that which means that it can't create font dirs with the type fonts_t under
/var/tmp.
The solution is to use "cp -r" to copy the files in question, I've attached
a patch to do this. Another option would be to use "cp -rpd" which gets
closer to the original but shouldn't be necessary.
I've created an initramfs with this patch applied, run unmkinitramfs, and
then run diff on the output to show that it didn't change the contents when
compared to an initramfs created in permissive mode.
-- System Information:
Debian Release: trixie/sid
Architecture: amd64 (x86_64)
Kernel: Linux 6.4.0-3-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
Versions of packages plymouth depends on:
ii init-system-helpers1.65.2
ii initramfs-tools0.142
ii libc6 2.37-7
ii libdrm22.4.115-1
ii libplymouth5 22.02.122-3
ii systemd254.1-3
ii sysvinit-utils [lsb-base] 3.07-1
ii udev 254.1-3
plymouth recommends no packages.
Versions of packages plymouth suggests:
ii desktop-base 12.0.6+nmu1
pn plymouth-themes
-- debconf-show failed
