[DSE-Dev] Bug#682068: selinux + piuparts

Laurent Bigonville bigon at debian.org
Sun May 19 10:00:39 UTC 2013


On Sat, 18 May 2013 16:07:41 +0200,
Holger Levsen <holger at layer-acht.org> wrote:

> tags 682068 + moreinfo
> thanks
> 
> Hi Laurent,

Hello,

> 
> piuparts is only trying to mount selinux mountpoints if 
> /usr/sbin/selinuxenabled ran successfully.
> 
> I have two problems now:
> - /usr/sbin/selinuxenabled doesn't even exist on my wheezy system

This executable is in the selinux-utils package.

> - isn't there some selinux tool to tell me the expected mountpoint? I
> don't want to mess around with versions in piuparts.py source code
> (be it "wheezy", "squeeze", 2.0.96-1 or 2.1.9-5) to decide whether to
> mount /selinux or /sys/fs/selinux ?!!

sestatus gives you this information, but I'm not sure it is
really clean to grep that output (the format is probably not
guaranteed).

I've seen libraries parsing /proc/mounts directly to look for the
"selinuxfs" mountpoint. 

I would suggest that you only test whether this filesystem is mounted and
not use the selinuxenabled command to see if selinux is enabled. It might
be possible that this package is not installed on the system even if
selinux is enabled (that's probably not the case on a standard setup, but
it might happen).

Cheers

Laurent Bigonville


> 
> See below for actual related code. That's it, plus calls to them.
> 
> 
> cheers,
> 	Holger
> 
> def selinux_enabled(enabled_test="/usr/sbin/selinuxenabled"):
>     if os.access(enabled_test, os.X_OK):
>         retval, output = run([enabled_test], ignore_errors=True)
>         if retval == 0:
>             return True
>         else:
>             return False
> 
>     def mount_selinux(self):
>         if selinux_enabled():
>             run(["mkdir", "-p", self.relative("/selinux")])
>             run(["mount", "-t", "selinuxfs", "/selinux",
>                  self.relative("/selinux")])
>             logging.info("SElinux mounted into chroot")
> 
>     def unmount_selinux(self):
>         if selinux_enabled():
>             run(["umount", self.relative("/selinux")])
>             logging.info("SElinux unmounted from chroot")
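
The /proc/mounts check suggested in the reply above, as an added example that is not part of the original thread or of piuparts: it returns wherever selinuxfs is mounted, so the caller needs neither selinuxenabled nor a hardcoded /selinux. The function names and the sample mount tables are assumptions constructed for illustration.

```python
import re

# Constructed sample /proc/mounts contents (not captured from a real system).
SAMPLE_NEW = """\
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""
SAMPLE_OLD = """\
proc /proc proc rw 0 0
none /selinux selinuxfs rw,relatime 0 0
"""
SAMPLE_NONE = """\
proc /proc proc rw 0 0
/dev/sda1 /mnt/selinuxfs\\040backup ext4 rw 0 0
"""

_OCTAL = re.compile(r"\\([0-7]{3})")

def _unescape(field):
    """Decode the octal escapes the kernel writes for space, tab, newline."""
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), field)

def find_selinuxfs(mounts_text):
    """Return the first selinuxfs mount point in mounts_text, or None."""
    for line in mounts_text.splitlines():
        fields = line.split()
        # Fields: device, mount point, fs type, options, dump, pass.
        # Match on the type column only, so a path that merely contains
        # the string "selinuxfs" is not mistaken for the real filesystem.
        if len(fields) >= 3 and fields[2] == "selinuxfs":
            return _unescape(fields[1])
    return None

def selinuxfs_mountpoint(mounts_file="/proc/mounts"):
    """Look up the host's selinuxfs mount point; None if it is not mounted."""
    try:
        with open(mounts_file) as fh:
            return find_selinuxfs(fh.read())
    except OSError:
        return None

if __name__ == "__main__":
    print(selinuxfs_mountpoint())
```

A caller such as mount_selinux() could skip the mount when the result is None and otherwise use the returned path as the source to mount into the chroot.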



