[Piuparts-devel] Bug#682068: Bug#682068: selinux + piuparts

Holger Levsen holger at layer-acht.org
Wed Apr 30 13:46:45 UTC 2014


Hi,

On Mittwoch, 30. April 2014, Laurent Bigonville wrote:
> I'll try to cook something. But if you really want to remove the
> support, wouldn't it be better to unconditionally switch to the new
> path instead?

as said a year ago, just changing pathes won't work, as detecting selinux 
needs to be updated too:

On Samstag, 18. Mai 2013, Holger Levsen wrote:
> tags 682068 + moreinfo
> thanks
> 
> Hi Laurent,
> 
> piuparts is only trying to mount selinux mountpoints if
> /usr/sbin/selinuxenabled ran successfully.
> 
> I have two problems now:
> - /usr/sbin/selinuxenabled doesn't even exist on my wheezy system
> - isn't there some selinux tool to tell me the expected mountpoint? I don't
> want to mess around with versions in piuparts.py source code (be it
> "wheezy", "squeeze", 2.0.96-1 or 2.1.9-5) to decide whether to mount
> /selinux or /sys/fs/selinux ?!!
> 
> See below for actual related code. That's it, plus calls to them.
> 
> def selinux_enabled(enabled_test="/usr/sbin/selinuxenabled"):
>     if os.access(enabled_test, os.X_OK):
>         retval, output = run([enabled_test], ignore_errors=True)
>         if retval == 0:
>             return True
>         else:
>             return False
> 
>     def mount_selinux(self):
>         if selinux_enabled():
>             run(["mkdir", "-p", self.relative("/selinux")])
>             run(["mount", "-t", "selinuxfs", "/selinux",
> self.relative("/selinux")])
>             logging.info("SElinux mounted into chroot")
> 
>     def unmount_selinux(self):
>         if selinux_enabled():
>             run(["umount", self.relative("/selinux")])
>             logging.info("SElinux unmounted from chroot")

I think I really either want a tested patch from someone using selinux or 
remove this code.


cheers,
	Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/piuparts-devel/attachments/20140430/d8f71b84/attachment.sig>


More information about the Piuparts-devel mailing list