Bug#506917: pbuilder does not work correctly with selinux if selinux-utils is not installed

Alexander Block ablock at blocksoftware.net
Tue Nov 25 21:59:30 UTC 2008 

Package: pbuilder
Version: 0.181
Severity: normal

Hello,

While testing my self created debian package with pbuilder, I came across 
the following error message when calling "sudo pbuilder build hexec_0.1.1-1.dsc"

...
Extracting source
+ echo 'chown pbuilder:pbuilder /tmp/buildd /tmp/buildd/*'
+ chroot /home/ablock/work/pbuilder-cache/build//26610 /bin/bash
+ :
++ basename hexec_0.1.1-1.dsc
+ chroot /home/ablock/work/pbuilder-cache/build//26610 env LOGNAME=pbuilder su -p pbuilder
+ echo '( cd tmp/buildd; /usr/bin/dpkg-source -x hexec_0.1.1-1.dsc )'
Password: su: Authentication failure
+ echo 'pbuilder: Failed extracting the source'
pbuilder: Failed extracting the source
+ exit 1
+ umountproc_cleanbuildplace_trap
+ umountproc_cleanbuildplace
+ '[' 1 -ne 0 ']'
+ echo ' -> Aborting with an error'
 -> Aborting with an error
...

I've done some tests with "sudo pbuilder login" to figure out what the 
problem is. In the pbuilder shell, root had nearly no rights 
(no su, passwd, ...) and often super user programs did give selinux 
error messages (system_u:system_r:kernel_t:s0 is not authorized to XXX). 
So the problem was selinux.

/usr/lib/pbuilder/pbuilder-modules is looking for /usr/sbin/selinuxenabled
to decide if mounting /selinux is required or not. The problem is, that
/usr/sbin/selinuxenabled is only available if the package selinux-utils 
is installed. selinux-utils was not installed on my machine. When installing
selinux-utils, pbuilder works as expected.

Some suggested solutions:
- Set selinux-utils as dependency for pbuilder
- Mount /selinux always if it is present (ignoring /usr/sbin/selinuxenabled)
- Always try to mount /selinux (even ignoring the presence of /selinux on the real root fs)
  I'm not sure what mount will do if you try to call "mount -t selinuxfs /selinux", but
  I would expect it to fail if the kernel has no selinux support. I'm also not sure
  about possible side effects.
- Add a hint to the documentation for users who encounter similar problems.


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.27.7-c1 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages pbuilder depends on:
ii  coreutils                     6.10-6     The GNU core utilities
ii  debconf [debconf-2.0]         1.5.24     Debian configuration management sy
ii  debianutils                   2.30       Miscellaneous utilities specific t
ii  debootstrap                   1.0.10     Bootstrap a basic Debian system
ii  gcc                           4:4.3.2-2  The GNU C compiler
ii  wget                          1.11.4-2   retrieves files from the web

Versions of packages pbuilder recommends:
ii  cowdancer                     0.47       Copy-on-write directory tree utili
ii  devscripts                    2.10.35    scripts to make the life of a Debi
ii  fakeroot                      1.11       Gives a fake root environment
ii  sudo                          1.6.9p17-1 Provide limited super user privile

Versions of packages pbuilder suggests:
pn  pbuilder-uml                  <none>     (no description available)

-- debconf information:
  pbuilder/mirrorsite: http://cdn.debian.net/debian
  pbuilder/nomirror:
  pbuilder/rewrite: false

More information about the Pbuilder-maint mailing list