[DSE-Dev] Bug#658070: closed by Laurent Bigonville <bigon at debian.org> (Bug#658070: fixed in libselinux 2.1.12-1)
Michael Biebl
biebl at debian.org
Tue Jan 1 15:17:58 UTC 2013
Hi and happy new year!
On 31.12.2012 13:05, Laurent Bigonville wrote:
> Hello,
>
>> I've been having a quick look at the changes in 2.1.12-1.
>>
>> It seems you simply dropped the /selinux directory from the package.
>> This should work fine for systems where selinux is not active.
>> On systems where selinux is active and selinuxfs is mounted
>> at /selinux, the directory will not be removed on upgrades.
>> Do you think we need some special handling in the maintainer scripts
>> to mount-move /selinux in preinst?
>>
>> Or does selinux in squeeze already use /sys/fs/selinux and /selinux is
>> unused, so if you upgrade from squeeze to jessie there will be no
>> mount at /selinux? I guess as you've uploaded to exp only, you don't
>> plan to drop /selinux for squeeze?
>
> I guess you meant Wheezy here?
Indeed
> Since Wheezy, libselinux will mount the selinuxfs on /sys/fs/selinux if
> it's available during early boot (and will fallback to /selinux
> otherwise). This is working well if the machine is booting with a
> initramfs, I'm not sure if /sys/fs/selinux is available early enough if
> a initramfs is not used (are we even supposed to support that kind of
> situation?).
>
> So I would say, if somebody is upgrading from Wheezy to Jessie and the
> selinuxfs is still mounted on /selinux, this is a special case (or a
> user choice) and /selinux should not be removed.
>
> What do you think?
The only thing I'm worried about is, that for systems where selinux is
active, /selinux will never be removed, even if it is no longer used.
I would suggest to add a
mountpoint -q /selinux || rmdir --ignore-fail-on-non-empty /selinux
to the preinst for the jessie package.
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20130101/c3b131c9/attachment.pgp>
More information about the SELinux-devel
mailing list