[DSE-Dev] Bug#658070: closed by Laurent Bigonville <bigon at debian.org> (Bug#658070: fixed in libselinux 2.1.12-1)

Michael Biebl biebl at debian.org
Tue Jan 1 15:17:58 UTC 2013 

Hi and happy new year!

On 31.12.2012 13:05, Laurent Bigonville wrote:
> Hello,
> 
>> I've been having a quick look at the changes in 2.1.12-1.
>>
>> It seems you simply dropped the /selinux directory from the package.
>> This should work fine for systems where selinux is not active.
>> On systems where selinux is active and selinuxfs is mounted
>> at /selinux, the directory will not be removed on upgrades.
>> Do you think we need some special handling in the maintainer scripts
>> to mount-move /selinux in preinst?
>>
>> Or does selinux in squeeze already use /sys/fs/selinux and /selinux is
>> unused, so if you upgrade from squeeze to jessie there will be no
>> mount at /selinux? I guess as you've uploaded to exp only, you don't
>> plan to drop /selinux for squeeze?
> 
> I guess you meant Wheezy here?

Indeed

> Since Wheezy, libselinux will mount the selinuxfs on /sys/fs/selinux if
> it's available during early boot (and will fallback to /selinux
> otherwise). This is working well if the machine is booting with a
> initramfs, I'm not sure if /sys/fs/selinux is available early enough if
> a initramfs is not used (are we even supposed to support that kind of
> situation?).
> 
> So I would say, if somebody is upgrading from Wheezy to Jessie and the
> selinuxfs is still mounted on /selinux, this is a special case (or a
> user choice) and /selinux should not be removed.
> 
> What do you think?

The only thing I'm worried about is, that for systems where selinux is
active, /selinux will never be removed, even if it is no longer used.

I would suggest to add a

mountpoint -q /selinux || rmdir --ignore-fail-on-non-empty /selinux

to the preinst for the jessie package.


Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20130101/c3b131c9/attachment.pgp>

More information about the SELinux-devel mailing list