[DSE-Dev] [Piuparts-devel] Bug#682068: Bug#682068: selinux + piuparts
Holger Levsen
holger at layer-acht.org
Thu May 1 15:57:02 UTC 2014
Hi Laurent,
On Donnerstag, 1. Mai 2014, Laurent Bigonville wrote:
> I've attached a patch that is implementing the change.
great!
> If /selinux is
> present, the selinuxfs will be mounted there. This directory was
> shipped by libselinux package until wheezy (even if in wheezy it was
> mounted already to the new location).
ack
> The patch is also changing the way the selinuxfs is mounted. The
> selinuxfs is now bind mounted and then set to read only. This is needed
> to make think the userspace that selinux is disabled, otherwise dpkg
> will simply fail if the selinux policy is not installed in the chroot
> (see: #734193)
ic. selinux doesnt work in chroots at all?
> I've also added a soft dependency against python-selinux to use the
> python API to detect if selinux is enabled instead of using
> selinuxenabled executable. If you don't agree with this, I can revert
> this change.
Yes, I think a recommends is too much here, as recommends are installed by
default. So please revert this bit. Besides that, the patch looks fine.
I would prefer if you could also give me a pull request or send a git patch
via email... else I'll just take your patch from here...
Thanks!
cheers,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20140501/ea97e584/attachment.sig>
More information about the SELinux-devel
mailing list