[DSE-Dev] Bug#822679: Bug#822679: closed by Laurent Bigonville <bigon at debian.org> (Bug#822679: fixed in libselinux 2.5-2)

Laurent Bigonville bigon at debian.org
Sun May 1 20:18:11 UTC 2016


On 01/05/16 at 21:01, Yuri D'Elia wrote:
> On Sun, May 01 2016, Laurent Bigonville <bigon at debian.org> wrote:
>> It's only doing this if /proc is not mounted, something that should
>> happen at early boot.
>>
>> libselinux needs to determine the status of selinux on the machine. This is done by reading files
>> under /proc.
> libselinux should assume selinux is disabled if there's no proc, and
> just do nothing.
>
> Why can't the safe default be followed here?
> Can't "ls" just do its work without policy until /proc is ready?
>
> This is going to attempt mounting /proc in containers and generally mess
> with event-based system initialization in unexpected ways.
>
> I personally experienced this while setting up a testing environment
> where selinux is _disabled_ and took me a while to track down why /proc
> was getting mounted over and over again.

What are the symptoms you are seeing exactly? What is broken?

Isn't /proc needed for almost anything these days anyway?

>> If you want to change that, see with upstream.
> Do I really have to?
> This seems like a *very bad* idea in the first place.

I'm not planning to carry a patch in the debian package for that.

> Funny thing: unmount will now mount /proc.
>
> Maybe I need to file a bugreport against mount.

I don't think it's needed, mount is not responsible for this.


