Bug#501652: live-helper: lh_build fails if host has selinux enabled (even in permissive mode)

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#501652: live-helper: lh_build fails if host has selinux enabled (even in permissive mode)
From: Pierre Chifflier <pollux@debian.org>
Date: Thu, 09 Oct 2008 11:01:29 +0200
Message-id: <[🔎] 20081009090129.14803.37889.reportbug@piche2.inl.fr>
Reply-to: Pierre Chifflier <pollux@debian.org>, 501652@bugs.debian.org

Package: live-helper
Version: 1.0.1-1
Severity: normal
Tags: patch

lh_build fails if selinux is enabled on the host filesystem,
even in permissive mode.

This happens when some packages are trying to add or update user
informations, with the following error:
Unpacking mysql-server-5.0 (from .../mysql-server-5.0_5.0.51a-15_i386.deb) ... 
chage: Permission denied.

The solution is to mount selinux during lh_build
For ex., I modified lh_chroot_sysfs to add:
mkdir -p chroot/selinux
${LH_ROOT_COMMAND} mount none -t selinuxfs chroot/selinux

and lh_clean
${LH_ROOT_COMMAND} umount -f chroot/selinux > /dev/null 2>&1 || true

I also changed lh_binary_chroot:
if [ -f chroot/selinux/policyvers ]
then
        if [ "${LH_USE_FAKEROOT}" != "enabled" ]
        then
                ${LH_ROOT_COMMAND} umount chroot/selinux
        else
                rm -rf chroot/selinux
                mkdir -p chroot/selinux
        fi
fi


As I am not really satisfied of the patches (especially modifying
lh_chroot_sysfs .. maybe we should add lh_chroot_selinuxfs), I am not
attaching them, but if you want I can create a patch.

Regards,
Pierre

-- Package-specific info:

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages live-helper depends on:
ii  debootstrap                   1.0.10     Bootstrap a basic Debian system
ii  gettext-base                  0.17-4     GNU Internationalization utilities

live-helper recommends no packages.

Versions of packages live-helper suggests:
ii  dosfstools       3.0.0-1                 utilities for making and checking 
ii  fakeroot         1.10.1                  Gives a fake root environment
ii  genext2fs        1.4.1-2.1               ext2 filesystem generator for embe
ii  genisoimage      9:1.1.8-1               Creates ISO-9660 CD-ROM filesystem
ii  grub             0.97-47                 GRand Unified Bootloader (Legacy v
ii  memtest86+       2.01-1.1                thorough real-mode memory tester
ii  mtools           3.9.11-1                Tools for manipulating MSDOS files
ii  parted           1.8.8.git.2008.03.24-10 The GNU Parted disk partition resi
ii  squashfs-tools   1:3.3-7                 Tool to create and append to squas
ii  sudo             1.6.9p17-1              Provide limited super user privile
ii  uuid-runtime     1.41.2-1                universally unique id library
ii  win32-loader     0.6.8                   Debian-Installer loader for win32

-- no debconf information

Reply to:

Prev by Date: problems with resolv.conf - nameserver
Next by Date: Re: problems with resolv.conf - nameserver
Previous by thread: Re: problems with resolv.conf - nameserver
Next by thread: Bug#501652: live-helper: lh_build fails if host has selinux enabled (even in permissive mode)
Index(es):
- Date
- Thread