[DSE-Dev] Bug#1110522: unblock: policycoreutils/3.8.1-2

Thu Aug 7 16:23:10 BST 2025

Package: release.debian.org
Severity: normal
X-Debbugs-Cc: policycoreutils at packages.debian.org
Control: affects -1 + src:policycoreutils
User: release.debian.org at packages.debian.org
Usertags: unblock

Please unblock package policycoreutils

[ Reason ]
With version 3.8.1-1 there are significant bugs in the remove-leaf-dirs
which allow it to work in the trivial cases (all test cases I used during
development) but fails badly in the case of upgrading from the Bookworm
version of selinux-policy-default to the Trixie version.

[ Impact ]
If the unblock isn't granted then every SE Linux user who upgrades to Trixie
will have to manually relabel the main directories (/etc /usr and /var).
If it is granted then things will just work and Trixie will be the first
release of Debian to allow a clean SE Linux upgrade which is a really good
thing for SE Linux users.

For people who don't have SE Linux enabled this will have no impact.

[ Tests ]
I have tested the upgrade of policy from from Bookworm to Trixie many times
and also passed a variety of test input to the script for corner cases.

[ Risks ]
There are no risks for systems which don't use SE Linux.

For systems running SE Linux the biggest risk is that 3.8.1-2 will perform as
badly as 3.8.1-1 (IE not relabeling).

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
(Anything else the release team should know.)

unblock policycoreutils/3.8.1-2

diff -Nru policycoreutils-3.8.1/debian/changelog policycoreutils-3.8.1/debian/changelog

--- policycoreutils-3.8.1/debian/changelog	2025-03-16 19:41:42.000000000 +1100
+++ policycoreutils-3.8.1/debian/changelog	2025-08-08 00:48:14.000000000 +1000
@@ -1,3 +1,10 @@
+policycoreutils (3.8.1-2) unstable; urgency=medium
+
+  * Fixed remove-leaf-dirs, the previous code was badly broken and only
+    worked in trivial test cases.  Needed for a clean upgrade to Trixie.
+
+ -- Russell Coker <russell at coker.com.au>  Fri, 08 Aug 2025 00:48:14 +1000
+
 policycoreutils (3.8.1-1) unstable; urgency=medium
 
   * New upstream release, just version change
diff -Nru policycoreutils-3.8.1/debian/remove-leaf-dirs policycoreutils-3.8.1/debian/remove-leaf-dirs
--- policycoreutils-3.8.1/debian/remove-leaf-dirs	2025-02-06 23:27:23.000000000 +1100
+++ policycoreutils-3.8.1/debian/remove-leaf-dirs	2025-08-08 00:48:12.000000000 +1000
@@ -10,20 +10,20 @@
 while(<STDIN>)
 {
   chomp;
-  push(@arr, $_);
+  # strip "" and "/" to avoid problems
+  if(length($_) >1)
+  {
+    push(@arr, $_);
+  }
 }
-my @sorted = sort { length($a) <=> length($b) } @arr;
 
-for(my $i = 0; $i < $#sorted; $i++)
+for(my $i = 0; $i <= $#arr; $i++)
 {
-  print "$sorted[$i]\n";
-  for(my $j = $i + 1; $j <= $#sorted; $j++)
+  print "$arr[$i]\n";
+  my $stem = $arr[$i] . "/";
+  my $stemlen = length($arr[$i]) + 1;
+  while ($i + 1 <= $#arr and $stem eq substr($arr[$i + 1], 0, $stemlen))
   {
-    if($sorted[$i] . "/" eq substr($sorted[$j], 0, length($sorted[$i])+1))
-    {
-      splice(@sorted, $j, 1);
-      $j--;
-    }
+    splice(@arr, $i + 1, 1);
   }
 }
-print "$sorted[$#sorted]\n";

