[DSE-Dev] [Piuparts-devel] Bug#682068: Bug#682068: selinux + piuparts

Holger Levsen holger at layer-acht.org
Thu May 1 15:57:02 UTC 2014


Hi Laurent,

On Thursday, 1 May 2014, Laurent Bigonville wrote:
> I've attached a patch that is implementing the change.

great!

> If /selinux is
> present, the selinuxfs will be mounted there. This directory was
> shipped by libselinux package until wheezy (even if in wheezy it was
> mounted already to the new location).

ack

> The patch is also changing the way the selinuxfs is mounted. The
> selinuxfs is now bind mounted and then set to read only. This is needed
> to make the userspace think that selinux is disabled, otherwise dpkg
> will simply fail if the selinux policy is not installed in the chroot
> (see: #734193)

ic. selinux doesn't work in chroots at all?

> I've also added a soft dependency against python-selinux to use the
> python API to detect if selinux is enabled instead of using
> selinuxenabled executable. If you don't agree with this, I can revert
> this change.

Yes, I think a recommends is too much here, as recommends are installed by 
default. So please revert this bit. Besides that, the patch looks fine. 

I would prefer if you could also give me a pull request or send a git patch 
via email... else I'll just take your patch from here...

Thanks!


cheers,
	Holger
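
Added example, not part of the original message or of the attached patch: a Python sketch of the mount sequence described in the quoted text (pick /selinux inside the chroot if it exists, bind mount selinuxfs, then remount it read-only), plus a check of /proc/mounts-style text to confirm the chroot copy is read-only. The function names, the host path constant and the sample mount table are assumptions made for illustration.

```python
import os

# Assumption: the host mounts selinuxfs at the current default location.
HOST_SELINUXFS = "/sys/fs/selinux"

def selinuxfs_target(chroot, isdir=os.path.isdir):
    """Mount point inside the chroot: legacy /selinux if that directory
    is present, otherwise /sys/fs/selinux."""
    legacy = os.path.join(chroot, "selinux")
    return legacy if isdir(legacy) else os.path.join(chroot, "sys/fs/selinux")

def mount_commands(chroot, isdir=os.path.isdir):
    """argv lists for the two steps: bind mount, then remount read-only."""
    target = selinuxfs_target(chroot, isdir)
    return [
        ["mount", "--bind", HOST_SELINUXFS, target],
        ["mount", "-o", "remount,ro,bind", target],
    ]

def selinuxfs_read_only(mounts_text, target):
    """True if target is a read-only selinuxfs mount, False if read-write,
    None if selinuxfs is not mounted there. The last matching line wins,
    since later mounts stack on top of earlier ones."""
    state = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == target and fields[2] == "selinuxfs":
            state = "ro" in fields[3].split(",")
    return state

# Constructed sample in /proc/mounts format (not captured from a real system):
# the host mount stays read-write, only the bind mount in the chroot is ro.
SAMPLE_MOUNTS = """\
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
selinuxfs /tmp/chroot/sys/fs/selinux selinuxfs ro,relatime 0 0
"""

if __name__ == "__main__":
    for argv in mount_commands("/tmp/chroot"):
        print(" ".join(argv))
    print(selinuxfs_read_only(SAMPLE_MOUNTS, "/tmp/chroot/sys/fs/selinux"))
```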