Bug#384389: [Pbuilder-maint] Bug#384389: pbuilder: SELinux support,
first step: mount /selinux
Junichi Uekawa
dancer at netfort.gr.jp
Thu Aug 24 22:54:04 UTC 2006
Hi,
> > > if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
> > Is this condition enough to determine /selinux is mountable ?
>
> If selinux is enabled, /selinux has to be mounted AFAIK.
> So AFAIK that is the best way to test that selinux is enabled.
>
> > > mkdir -p $BUILDPLACE/selinux
> > This directory may already exist, so error should be ignored
>
> Thats what the -p is good for. $BUILDPLACE already exists. And I added
> it just below the same statement for $BUILDPLACE/proc
Hmmm okay. Bad me.
> > > mount -t selinuxfs /selinux "$BUILDPLACE/selinux"
> > Is 'selinuxfs' always available when the above condition is true?
>
> I think so. The mount may however fail in enforcing mode, but thats a
> policy issue. If it fails and selinux above is enabled, pbuilder likely
> will not work with the same symptoms I had without these lines anyway -
> su requiring a password. So what can get worse?
Sounds good, I'll apply the patch; since I don't have a selinux system
that after I release the new version could you send logs of it
successfully running under selinux?
regards,
junichi
--
dancer@{debian.org,netfort.gr.jp} Debian Project
More information about the Pbuilder-maint
mailing list