[DSE-Dev] Bug#753727: reason for this

Russell Coker russell at coker.com.au
Sat Jul 5 01:46:08 UTC 2014


> The current version of libselinux1.postinst runs "telinit u" to tell init
> to re-exec itself. This was added so the system can shut down cleanly when
> sysvinit is the active PID 1.

AFAIK that was never the case.

The reason for running "telinit u" when a shared object that init uses is 
upgraded is so that init will start using the new version.

I don't think we can unconditionally avoid such an operation.  If at some 
future time we find a security flaw in one of those libraries that can affect 
the operation of process 1 there needs to be a way of causing the buggy 
library to be removed from memory.  If systemd is unable to handle this 
correctly then that would be a bug in systemd.

Also there is the possibility of an upgrade requiring a file format change to 
something under /etc/selinux.  Upgrades of SE Linux user space between major 
versions of Debian without a reboot are officially unsupported (I'll close any 
bug report of the form "I did a dist-upgrade from wheezy to jessie without 
rebooting and things didn't work correctly"), so this shouldn't be a problem.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753790

I don't think that systemd needs to get the new library instantly (not even 
for a security issue).  But it definitely needs to get it before the next 
reboot (which may be a year later).  So maybe we could have a trigger or 
something and let systemd work it out.  I have filed bug report #753790 
against systemd for this.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
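The concern above is that PID 1 keeps an old copy of an upgraded library mapped until it re-execs. As an added example (not from this thread or from the Debian packaging), the following POSIX shell function reads a file in /proc/PID/maps format and reports shared objects whose on-disk file has been replaced, which the kernel marks with "(deleted)"; the function name and the sample maps content are constructed for illustration.

```shell
#!/bin/sh
# Added example: report shared objects a process still maps from a file
# that has since been replaced on disk (shown as "(deleted)" in
# /proc/<pid>/maps). Such entries mean the old library is still in use
# until the process re-execs, e.g. via "telinit u" for init.
stale_libs() {
    # $1: path to a file in /proc/<pid>/maps format
    # Prints each distinct stale .so path once.
    # Exit status 0 if any stale library was found, 1 otherwise.
    awk '$NF == "(deleted)" && $6 ~ /\.so(\.|$)/ { seen[$6]++ }
         END { n = 0; for (p in seen) { print p; n++ }; exit (n ? 0 : 1) }' "$1"
}

# Constructed sample (not real output): libselinux.so.1 was replaced by a
# package upgrade while still mapped; libc is still the current file.
SAMPLE_MAPS=$(mktemp)
cat > "$SAMPLE_MAPS" <<'EOF'
7f1a2c000000-7f1a2c1c2000 r-xp 00000000 08:01 131154 /lib/x86_64-linux-gnu/libc-2.19.so
7f1a2c3d0000-7f1a2c3f0000 r-xp 00000000 08:01 131290 /lib/x86_64-linux-gnu/libselinux.so.1 (deleted)
7f1a2c3f0000-7f1a2c5ef000 ---p 00020000 08:01 131290 /lib/x86_64-linux-gnu/libselinux.so.1 (deleted)
EOF

# Constructed sample with nothing stale, for comparison.
CLEAN_MAPS=$(mktemp)
printf '%s\n' '7f1a2c000000-7f1a2c1c2000 r-xp 00000000 08:01 131154 /lib/x86_64-linux-gnu/libc-2.19.so' > "$CLEAN_MAPS"

if stale_libs "$SAMPLE_MAPS"; then
    echo "sample: stale libraries still mapped (re-exec needed)"
fi

# On a live system, check init itself (needs permission to read its maps).
if [ -r /proc/1/maps ]; then
    stale_libs /proc/1/maps || echo "PID 1 maps no replaced libraries"
fi
```

Running the function against /proc/1/maps after a library upgrade, and before the next reboot, is a quick way to confirm whether init has actually picked up the new copy.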