
Bug#984642: marked as done (unblock: policycoreutils/3.1-3)



Your message dated Sat, 13 Mar 2021 13:16:41 +0000
with message-id <E1lL48H-0001Se-4y@respighi.debian.org>
and subject line unblock policycoreutils
has caused the Debian Bug report #984642,
regarding unblock: policycoreutils/3.1-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
984642: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984642
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package policycoreutils

(Please provide enough (but not too much) information to help
the release team to judge the request efficiently. E.g. by
filling in the sections below.)

[ Reason ]
This version fixes bug #983447 which is grave and risks kicking the package
out of Bullseye.  It also closes bug #922448 and avoids trying to relabel
non-persistent filesystems on reboot.

[ Impact ]
All SE Linux packages get removed from Debian I guess, catastrophic for all
SE Linux users in Debian.

[ Tests ]
Manual test is to create an empty file /.autorelabel and reboot the system
and verify that it causes a relabel, then create a file /.autorelabel with
the contents "-F" and verify that it works.

[ Risks ]
The changed code is pretty simple, and in day to day usage it isn't even
used.  It's only used for corner cases of an initial installation.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]
(Anything else the release team should know.)

unblock policycoreutils/3.1-3

Here is the debdiff:

diff -Nru policycoreutils-3.1/debian/changelog policycoreutils-3.1/debian/changelog
--- policycoreutils-3.1/debian/changelog	2021-02-11 02:46:48.000000000 +1100
+++ policycoreutils-3.1/debian/changelog	2021-03-05 20:45:24.000000000 +1100
@@ -1,3 +1,16 @@
+policycoreutils (3.1-3) unstable; urgency=medium
+
+  * Remove needless quotes around $FORCE variable in
+    /lib/systemd/selinux-autorelabel to avoid shell error on empty file
+    Closes: #983447
+  * Add check for noautorelabel command line option to prevent relabeling
+    Closes: #922448
+  * Make fixfiles avoid trying to relabel tmpfs and other non-permanent
+    filesystems
+    Closes: #984567
+
+ -- Russell Coker <russell@coker.com.au>  Fri, 05 Mar 2021 20:45:24 +1100
+
 policycoreutils (3.1-2) unstable; urgency=medium
 
   [ Laurent Bigonville ]
diff -Nru policycoreutils-3.1/debian/local/selinux-autorelabel policycoreutils-3.1/debian/local/selinux-autorelabel
--- policycoreutils-3.1/debian/local/selinux-autorelabel	2021-02-11 02:46:48.000000000 +1100
+++ policycoreutils-3.1/debian/local/selinux-autorelabel	2021-03-05 20:32:47.000000000 +1100
@@ -29,7 +29,7 @@
 
 	FORCE=$(cat /.autorelabel)
 	[ -x "/sbin/quotaoff" ] && /sbin/quotaoff -aug
-	/sbin/fixfiles "$FORCE" restore
+	/sbin/fixfiles $FORCE restore
     fi
     rm -f  /.autorelabel
     [ -x /usr/lib/dracut/dracut-initramfs-restore ] && /usr/lib/dracut/dracut-initramfs-restore
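
Review bot: With the quotes gone on the changed line, the whole content of /.autorelabel (read by FORCE=$(cat /.autorelabel) two lines up) is word-split and glob-expanded into arguments for /sbin/fixfiles, so anything other than an empty file or "-F" now reaches fixfiles as extra options or operands. The empty-file case can be fixed without giving up quoting by writing /sbin/fixfiles ${FORCE:+"$FORCE"} restore, which passes no argument when FORCE is empty and exactly one otherwise. Better still, check the value first and accept only the empty string or -F, treating anything else as empty, since those are the two cases the test plan exercises.
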
diff -Nru policycoreutils-3.1/debian/local/selinux-autorelabel-generator.sh policycoreutils-3.1/debian/local/selinux-autorelabel-generator.sh
--- policycoreutils-3.1/debian/local/selinux-autorelabel-generator.sh	2021-02-11 02:46:48.000000000 +1100
+++ policycoreutils-3.1/debian/local/selinux-autorelabel-generator.sh	2021-03-05 20:05:29.000000000 +1100
@@ -21,6 +21,9 @@
 }
 
 if selinuxenabled; then
+    if grep -sqE "\bnoautorelabel\b" /proc/cmdline; then
+        exit 0
+    fi
     if test -f /.autorelabel; then
         set_target
     elif grep -sqE "\bautorelabel\b" /proc/cmdline; then
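
Review bot: The new grep on /proc/cmdline uses \b, which is a GNU extension and treats any non-word character as a boundary, so parameters such as noautorelabel=0 or foo.noautorelabel also match and disable relabeling. Matching a whole space-delimited token, for example grep -sqE "(^| )noautorelabel( |$)" /proc/cmdline, would be stricter. Separately, the exit 0 comes before the test -f /.autorelabel branch, so the kernel option silently overrides an existing flag file, and this path leaves the file untouched; a comment stating that this precedence is intended would help the next reader.
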
diff -Nru policycoreutils-3.1/debian/patches/fixfiles-remove-extras policycoreutils-3.1/debian/patches/fixfiles-remove-extras
--- policycoreutils-3.1/debian/patches/fixfiles-remove-extras	1970-01-01 10:00:00.000000000 +1000
+++ policycoreutils-3.1/debian/patches/fixfiles-remove-extras	2021-03-05 20:37:08.000000000 +1100
@@ -0,0 +1,13 @@
+Index: policycoreutils-3.1/scripts/fixfiles
+===================================================================
+--- policycoreutils-3.1.orig/scripts/fixfiles
++++ policycoreutils-3.1/scripts/fixfiles
+@@ -45,7 +45,7 @@ FS="`cat /proc/self/mounts | sort | uniq
+ for i in $FS; do
+ 	if [ `useseclabel` -ge 0 ]
+ 	then
+-		grep " $i " /proc/self/mounts | awk '{print $4}' | egrep --silent '(^|,)seclabel(,|$)' && echo $i
++		grep " $i " /proc/self/mounts | egrep -v "(tmpfs)|( /sys)|(^devpts)|(^hugetlbfs)|(^mqueue)" | awk '{print $4}' | egrep --silent '(^|,)seclabel(,|$)' && echo $i
+ 	else
+ 		grep " $i " /proc/self/mounts | grep -v "context=" | egrep --silent '(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs )' && echo $i
+ 	fi
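
Review bot: The added egrep -v filter runs against the full /proc/self/mounts line rather than the filesystem-type field, and (tmpfs) is unanchored, so a persistent filesystem whose device or mount point merely contains "tmpfs" is dropped from relabeling; likewise ( /sys) excludes any mount point that begins with /sys, such as /sysroot, and ^devpts, ^hugetlbfs and ^mqueue anchor on the device name, which is a free-form string for these pseudo filesystems. Since the line is already piped through awk, comparing the third field (the filesystem type) against the exclusion list there would express the intent exactly. The new patch file also has no description header saying why these types are skipped or which bug it addresses (the changelog cites #984567).
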
diff -Nru policycoreutils-3.1/debian/patches/series policycoreutils-3.1/debian/patches/series
--- policycoreutils-3.1/debian/patches/series	2021-02-11 02:46:48.000000000 +1100
+++ policycoreutils-3.1/debian/patches/series	2021-03-05 20:33:22.000000000 +1100
@@ -1 +1,2 @@
 fixfiles-correctly-restore-context-of-mountpoints.patch
+fixfiles-remove-extras
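
Review bot: The new series entry fixfiles-remove-extras has no .patch suffix, unlike the existing fixfiles-correctly-restore-context-of-mountpoints.patch on the line above; renaming the file and this entry to fixfiles-remove-extras.patch keeps debian/patches consistent.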

--- End Message ---
--- Begin Message ---
Unblocked policycoreutils.

--- End Message ---
