[DSE-Dev] Bug#569698: /etc/init.d/selinux-basics should not umount -a
Laurent Bigonville
bigon at debian.org
Tue Sep 15 08:47:45 UTC 2015
Hi,

I'm not sure removing the unmount is a correct way of dealing with this.
IMVHO, something like the following sequence should be called at the end of
the script:

    invoke-rc.d sendsigs stop > /dev/null 2>&1
    sync
    umount -a
    reboot -f

I never thought that calling reboot (without -f) was a good idea. We
have no real way of knowing in which state the machine is and if the
processes are properly labeled. So calling the stop action of some
initscript could lead us to have files badly labeled (again).

I'm planning to have this sequence in the new initscript I'm writing.

Cheers,
Laurent Bigonville

On Sat, 13 Feb 2010 15:51:29 +0100 Frank Engler
<bts.to.FrankEngler at spamgourmet.com> wrote:
> Package: selinux-basics
> Version: 0.3.5+nmu1
> Severity: important
> Tags: patch
>
> An "umount -a" is invoked in selinux-complete-relable() of
> /etc/init.d/selinux-basics. This was ok in prior versions
> because a reboot -f followed. Today, only a reboot without
> option -f is invoked which amounts to a "shutdown -r now".
> As a result, file systems are unmounted later in shutdown
> process. Therefore, a umount is not necessary in this
> script.
>
> My server failed to change into runlevel 6 after
> unmounting file systems.
>
> -- /var/log/boot (relevant part)
> Sun Feb 7 22:57:20 2010: Checking SELinux contexts: selinux-basics
> Sun Feb 7 22:57:20 2010: Relabeling your filesystems for SELinux......Cleaning out /tmp
> Sun Feb 7 22:57:21 2010: *****************
> Sun Feb 7 22:57:37 2010: Relabeled, now reboot
> Sun Feb 7 22:57:37 2010: umount: /var: device is busy
> Sun Feb 7 22:57:37 2010: umount: /dev: device is busy
> Sun Feb 7 22:57:38 2010: Checking minimum space in /tmp...done.
> Sun Feb 7 22:57:38 2010: Setting up networking....
> Sun Feb 7 22:57:38 2010: Configuring network interfaces...done.
> Sun Feb 7 22:57:39 2010: /etc/rcS.d/S55bootmisc.sh: line 50: savelog: command not found
> Sun Feb 7 22:57:39 2010: rm: cannot remove `/tmp/.clean': Read-only file system
> Sun Feb 7 22:57:39 2010: Initializing random number generator.../etc/rcS.d/S55urandom: line 31: find: command not found
> Sun Feb 7 22:57:39 2010: /etc/rcS.d/S55urandom: line 32: [: : integer expression expected
> Sun Feb 7 22:57:39 2010: done.
> Sun Feb 7 22:57:39 2010: /etc/rcS.d/S70screen-cleanup: line 27: find: command not found
> Sun Feb 7 22:57:39 2010: /etc/rcS.d/S70screen-cleanup: line 27: xargs: command not found
> Sun Feb 7 22:57:39 2010: INIT: Entering runlevel: 2
> Sun Feb 7 22:57:39 2010: Running local boot scripts (/etc/rc.local).
> Sun Feb 7 22:57:40 2010:
> -- end /var/log/boot
>
> Though I am not able to reproduce the error in a test
> environment, I suggest to remove the "umount -a" because
> it is redundant in most cases and fatal on maybe some
> more machines.
>
> After removing it the relabeling worked fine.
>
> -- /var/log/boot (relevant part)
> Sat Feb 13 14:29:16 2010: Checking SELinux contexts: selinux-basics
> Sat Feb 13 14:29:16 2010: Relabeling your filesystems for SELinux......Cleaning out /tmp
> Sat Feb 13 14:29:17 2010: *****************
> Sat Feb 13 14:29:30 2010: Relabeled, now reboot
> Sat Feb 13 14:29:31 2010: INIT: Switching to runlevel: 6
> -- end /var/log/boot