[DSE-Dev] Bug#1098785: libselinux1: postinst unconditionally uses sestatus/semodule without depending on policycoreutils

Paul Wise pabs at debian.org
Mon Feb 24 03:42:00 GMT 2025 

Package: libselinux1
Version: 3.8-3
Severity: normal
Usertags: warnings deps

During an upgrade I got a warning about sestatus not being found.
The libselinux1 postinst is using sestatus and semodule
unconditionally without depending on policycoreutils.

The postinst should check that they exist before using them.

   $ sudo apt-get upgrade
   ...
   Preparing to unpack .../libselinux1-dev_3.8-3_amd64.deb ...
   Unpacking libselinux1-dev:amd64 (3.8-3) over (3.7-3.1) ...
   Preparing to unpack .../libselinux1_3.8-3_amd64.deb ...
   Unpacking libselinux1:amd64 (3.8-3) over (3.7-3.1) ...
   Setting up libselinux1:amd64 (3.8-3) ...
   /var/lib/dpkg/info/libselinux1:amd64.postinst: 6: sestatus: not found
   ...

   $ apt-file search bin/sestatus
   policycoreutils: /usr/bin/sestatus
   
   $ apt-cache show libselinux1 | grep policycoreutils ; echo $?
   1
   
-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.15-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libselinux1:amd64 depends on:
ii  libc6         2.40-7
ii  libpcre2-8-0  10.45-1

libselinux1:amd64 recommends no packages.

libselinux1:amd64 suggests no packages.

-- no debconf information

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/selinux-devel/attachments/20250224/90678467/attachment.sig>

More information about the SELinux-devel mailing list