Package: libselinux1
Version: 3.4-1
SELinux: deactivated
Src: https://salsa.debian.org/selinux-team/libselinux/-/blob/debian/src/selinux_restorecon.c


Hey,

after today’s update of "libselinux1" to upstream version 3.4 in Debian 
Testing we encounter issues while setting contexts using "setfiles", which seems 
to be related to 
https://salsa.debian.org/selinux-team/libselinux/-/blob/debian/src/selinux_restorecon.c#L711-716, 
where "lgetfilecon_raw" got replaced by the new function "fgetfilecon_raw". 
However, this seems to need an active SELinux environment for the "fgetxattr" 
function that needs /proc for "xattr". 

As a result this fails with (example):
/sbin/setfiles: Could not set context for /etc/hosts:  No such file or directory

Example trace (another file):
openat(AT_FDCWD, "/etc/idmapd.conf", O_RDONLY|O_EXCL|O_NOFOLLOW|O_PATH) = 4
newfstatat(4, "", {st_mode=S_IFREG|0644, st_size=171, ...}, AT_EMPTY_PATH) = 0
fgetxattr(4, "security.selinux", 0x55c65d6e3eb0, 255) = -1 EBADF (Bad file descriptor)
fcntl(4, F_GETFL)                       = 0x220000 (flags O_RDONLY|O_NOFOLLOW|O_PATH)
getxattr("/proc/self/fd/4", "security.selinux", 0x55c65d6e3eb0, 255) = -1 ENOENT (No such file or directory)
write(2, "/sbin/setfiles: ", 16/sbin/setfiles: )        = 16
write(2, "Could not set context for /etc/i"..., 71Could not set context for /etc/idmapd.conf:  No such file or directory) = 71
close(4)

While I can understand that most SELinux users would use this command(s) more 
or less only on SELinux activated systems, there are still some scenarios left 
where this may be important, like "chroots" or similar.

Thanks,
gyptazy
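
The lookup sequence from the trace above, as an added example that is not part of the original report or of libselinux: it repeats the O_PATH open, the fgetxattr call and the /proc/self/fd fallback, adds a path-based lgetxattr for comparison, and classifies the outcome. The names probe_label and diagnose and the verdict values are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/xattr.h>
#include <unistd.h>
#ifndef O_PATH            /* hidden when a libc header preceded _GNU_SOURCE */
#define O_PATH 010000000  /* Linux value on x86 and ARM */
#endif

/* errno of each lookup step; 0 means the step returned a value. */
struct probe { int fd_err, proc_err, path_err; };
enum verdict { LABEL_READABLE, PROC_UNAVAILABLE, NO_LABEL, OTHER_FAILURE };
static const char *const verdict_name[] = {
    "label readable", "/proc unavailable", "no label stored", "other failure" };
static int step(ssize_t rc) { return rc < 0 ? errno : 0; }

/* Repeat the three lookups for `path`; returns -1 if it cannot be opened. */
int probe_label(const char *path, struct probe *p)
{
    char buf[256], link[64];
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_PATH);
    if (fd < 0) return -1;
    /* 1. xattr read on the O_PATH descriptor (EBADF in the trace). */
    p->fd_err = step(fgetxattr(fd, "security.selinux", buf, sizeof buf - 1));
    /* 2. Fallback through the descriptor's /proc entry (ENOENT in the trace). */
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    p->proc_err = step(getxattr(link, "security.selinux", buf, sizeof buf - 1));
    /* 3. Path-based lookup that does not touch /proc. */
    p->path_err = step(lgetxattr(path, "security.selinux", buf, sizeof buf - 1));
    close(fd);
    return 0;
}

enum verdict diagnose(const struct probe *p)
{
    if (p->fd_err == 0 || p->proc_err == 0) return LABEL_READABLE;
    /* The file itself was opened, so ENOENT can only mean /proc/self/fd/N. */
    if (p->proc_err == ENOENT && p->path_err != ENOENT) return PROC_UNAVAILABLE;
    if (p->proc_err == ENODATA || p->proc_err == ENOTSUP) return NO_LABEL;
    return OTHER_FAILURE;
}

int main(int argc, char **argv)
{
    struct probe p; const char *path = argc > 1 ? argv[1] : "/etc/hosts";
    if (probe_label(path, &p) < 0) { perror(path); return 1; }
    printf("%s: fd=%d proc=%d path=%d -> %s\n", path, p.fd_err, p.proc_err,
           p.path_err, verdict_name[diagnose(&p)]);
    return 0;
}
```

Run inside the affected chroot, a "/proc unavailable" verdict separates a missing /proc mount from a file that simply has no security.selinux attribute.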
