[DSE-Dev] Bug#753727: reason for this
Russell Coker
russell at coker.com.au
Sat Jul 5 01:46:08 UTC 2014
> The current version of libselinux1.postinst runs "telinit u" to tell init
> to re-exec itself. This was added so the system can shutdown cleanly when
> sysvinit is the active PID 1.
AFAIK that was never the case.
The reason for running "telinit u" when a shared object that init uses is
upgraded is so that init will start using the new version.
I don't think we can unconditionally avoid such an operation. If at some
future time we find a security flaw in one of those libraries that can affect
the operation of process 1 there needs to be a way of causing the buggy
library to be removed from memory. If systemd is unable to handle this
correctly then that would be a bug in systemd.
Also there is the possibility of an upgrade requiring a file format change to
something under /etc/selinux. Upgrades of SE Linux user space between major
versions of Debian without a reboot are officially unsupported (I'll close any
bug report of the form "I did a dist-upgrade from wheezy to jessie without
rebooting and things didn't work correctly"), so this shouldn't be a problem.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753790
I don't think that systemd needs to get the new library instantly (not even
for a security issue). But it definitely needs to get it before the next
reboot (which may be a year later). So maybe we could have a trigger or
something and let systemd work it out. I have filed bug report #753790
against systemd for this.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
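The mail above argues that an upgraded shared object stays mapped in process 1 until init re-execs, and that there must be some way to force that before the next reboot. The following script is an added illustration of that point, not code from the email, from libselinux1's maintainer scripts, or from systemd: it reads a /proc/PID/maps-style file and reports mapped .so files whose on-disk inode has since been replaced (the kernel appends "(deleted)" to such entries, and dpkg installs new files by rename, so an upgraded library shows up this way), then says which re-exec command would apply for the running init. The function names, the `--live` flag and the sample maps content are this example's own constructions.

```sh
#!/bin/sh
# Added example, not from the original email or from Debian's libselinux packaging.
# Lists shared objects mapped by PID 1 whose file on disk has been replaced since
# init loaded them (the kernel marks such mappings "(deleted)" in /proc/PID/maps).
# That is the state "telinit u" (sysvinit) or "systemctl daemon-reexec" (systemd)
# exists to clear: until init re-execs, the old library code stays mapped and live.

# Print the unique paths of deleted-but-still-mapped .so files found in a maps file.
# $1: path of a /proc/PID/maps-style file (default /proc/1/maps).
stale_mapped_libs() {
    maps="${1:-/proc/1/maps}"
    # maps columns: address perms offset dev inode pathname, with a trailing
    # "(deleted)" when the inode is no longer linked at that path.
    awk '$6 ~ /\.so(\.[0-9]+)*$/ && $NF == "(deleted)" { print $6 }' "$maps" | sort -u
}

# Decide which re-exec command applies to the running init. Prints the command
# (or nothing when no stale library is mapped) instead of running it, so a
# caller such as a maintainer script can decide for itself what to do.
# $1: maps file (default /proc/1/maps); $2: path of the init binary
# (default: resolved from /proc/1/exe).
reexec_command_for() {
    maps="${1:-/proc/1/maps}"
    init="${2:-$(readlink -f /proc/1/exe 2>/dev/null)}"
    [ -n "$(stale_mapped_libs "$maps")" ] || return 0
    case "$init" in
        */systemd) echo "systemctl daemon-reexec" ;;
        *)         echo "telinit u" ;;
    esac
}

# Constructed sample maps file (not captured from a real system) showing
# libselinux replaced on disk while PID 1 still maps the old copy. Prints the
# temp file's path; the caller removes it.
write_sample_maps() {
    f="$(mktemp)"
    cat >"$f" <<'EOF'
5558a2e00000-5558a2e3f000 r-xp 00000000 fd:01 131073 /lib/systemd/systemd
7f10c3a00000-7f10c3a20000 r-xp 00000000 fd:01 262144 /lib/x86_64-linux-gnu/libselinux.so.1 (deleted)
7f10c3a20000-7f10c3a21000 rw-p 00020000 fd:01 262144 /lib/x86_64-linux-gnu/libselinux.so.1 (deleted)
7f10c3c00000-7f10c3d80000 r-xp 00000000 fd:01 262150 /lib/x86_64-linux-gnu/libc-2.19.so
7f10c3e00000-7f10c3e01000 rw-p 00000000 00:00 0 [stack]
EOF
    echo "$f"
}

# Stand-alone usage: "sh check_pid1_libs.sh --live" inspects the real PID 1
# (reading /proc/1/maps needs root on most systems) and shows what a postinst
# would have to run; without the flag the functions are only defined.
if [ "${1:-}" = "--live" ]; then
    stale_mapped_libs
    reexec_command_for
fi
```

Running it against a live system right after a libselinux1 upgrade, before any re-exec, should list the old libselinux mapping; after `telinit u` or `systemctl daemon-reexec` the list is empty again, which is the check a maintainer script could use to confirm the re-exec actually happened.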