Re: security labeling handle: No such file or directory (what file?)
I installed dpkg_1.18.4_armhf.deb by remounting selinux, It seems to
help a tiny bit. By the changelog there have been recent selinux
changes to it. I still almost always get the error about the security
handle though.
Is it possible that it can't get a security handle because the file
doesn't have one? Should that get applied automatically to every
downloaded file like a umask even if somebody's not trying to use
selinux? Could that happen too slowly in an apt-get install scenario?
In src/selinux.c is:
sehandle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
if (sehandle == NULL)
ohshite(_("cannot get security labeling handle"));
There is variable selinux_enabled but the step that gives the error
message seems to be outside the tests using it. In the spirit of
using permissive mode it seems like it should give a warning rather
than being fatal to the install.
How about an selinux addition to dpkg's force options?
Forcing one deb to install (pass it the name of the downloaded deb):
-------
#!/bin/sh
mount -o remount,ro /sys/fs/selinux
dpkg -i $1
mount -o remount,rw /sys/fs/selinux
------
I think it works because it seems to take selinux a few seconds to
realize it can't write to its directory and panic. Having it all in
one script squeaks it under its radar.
On 1/14/16, Alan Corey <alan01346@gmail.com> wrote:
> I extracted the Jessie and Wheezy(?) binary debs to grep them. The
> string "security labeling" is in the Jessie dpkg binary, it's not in
> the Wheezy(?) one.
>
> dpkg 1.17.25 has it, 1.16.16 doesn't. That's why the old version
> doesn't give that error. Now to find the source and look there.
>
> Wondering what happens if I try to install a bunch of stuff, let it
> fail, then remount selinux ro and do an apt-get -f install to try to
> get in under the wire. Otherwise I don't think I can compile a changed
> version if I make one. I did find that holding my power button ~10
> seconds will shut it down even when selinux has it locked.
>
> On 1/14/16, Alan Corey <alan01346@gmail.com> wrote:
>> Other people seem to be seeing this too with Android > 5.0 and recent
>> Linux. Debian Jessie and Ubuntu Trusty seem affected. But I have my
>> old SD card set up around 2/7/2015 and it works fine. That would have
>> been Wheezy I think, I had to modify Debian Kit to not install
>> Squeeze. I have at least that in my notes. I've been using Wheezy
>> for a couple weeks with no problem, but switch back to Jessie and I
>> get the selinux problem again.
>>
>> Booted up fine this morning after I charged the battery. But make
>> isn't in binutils so I added it with apt-get, had to remount selinx
>> ro, now I'm waiting for the battery to run down to reboot again
>> because it locked again. I just want to improve that error message to
>> explain the error a little better.
>>
>> What would happen if I intermixed armel and armhfs executables?
>>
>> On 1/14/16, Paul Wise <pabs@debian.org> wrote:
>>> On Thu, Jan 14, 2016 at 12:37 PM, Alan Corey wrote:
>>>
>>>> Maybe I should scrap this and reinstall.
>>>
>>> Not sure. Either way, once you figured out the issue, please add a
>>> section to the chroot on Android page.
>>>
>>> https://wiki.debian.org/ChrootOnAndroid
>>>
>>> --
>>> bye,
>>> pabs
>>>
>>> https://wiki.debian.org/PaulWise
>>>
>>>
>>
>>
>> --
>> Credit is the root of all evil. - AB1JX
>>
>
>
> --
> Credit is the root of all evil. - AB1JX
>
--
Credit is the root of all evil. - AB1JX
Reply to: