Package: plymouth
Version: 22.02.122-3
Severity: normal
Tags: patch

The cp -a command preserves timestamps, permissions, ownership, and all attributes. An initramfs doesn't need ownership (/etc/passwd doesn't match and everything runs as root), and doesn't really need permissions except in the case of executables. It also can't have SE Linux contexts as the policy isn't loaded into the kernel.

The current version of plymouth uses cp -a to copy fonts etc., which tries to preserve their SE Linux contexts. Generally we don't want the process that makes an initramfs to have the ability to write to things outside of that, which means that it can't create font dirs with the type fonts_t under /var/tmp.

The solution is to use "cp -r" to copy the files in question; I've attached a patch to do this. Another option would be to use "cp -rpd", which gets closer to the original but shouldn't be necessary.

I've created an initramfs with this patch applied, run unmkinitramfs, and then run diff on the output to show that it didn't change the contents when compared to an initramfs created in permissive mode.

-- System Information:
Debian Release: trixie/sid
Architecture: amd64 (x86_64)

Kernel: Linux 6.4.0-3-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages plymouth depends on:
ii  init-system-helpers        1.65.2
ii  initramfs-tools            0.142
ii  libc6                      2.37-7
ii  libdrm2                    2.4.115-1
ii  libplymouth5               22.02.122-3
ii  systemd                    254.1-3
ii  sysvinit-utils [lsb-base]  3.07-1
ii  udev                       254.1-3

plymouth recommends no packages.

Versions of packages plymouth suggests:
ii  desktop-base     12.0.6+nmu1
pn  plymouth-themes  <none>

-- debconf-show failed
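
The check described in the report (same contents, fewer preserved attributes) can be reproduced on a small tree. This is an added example, not part of the original report or the attached patch; the tree is constructed, the function names are hypothetical, and GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example: constructed tree, hypothetical function names.

# One line per path: type plus symlink target, or exec flag plus content hash.
# Owner, timestamps and SE Linux labels are deliberately left out, since the
# report argues an initramfs does not need them.
tree_manifest() {
    ( cd "$1" && find . | LC_ALL=C sort | while IFS= read -r p; do
        if [ -L "$p" ]; then
            printf 'l %s -> %s\n' "$p" "$(readlink "$p")"
        elif [ -d "$p" ]; then
            printf 'd %s\n' "$p"
        else
            x=-; [ -x "$p" ] && x=x
            printf 'f %s %s %s\n' "$p" "$x" "$(sha256sum < "$p" | cut -d' ' -f1)"
        fi
    done )
}

# Copy a constructed font tree with cp -a and cp -r, then report whether the
# manifests match and which copy kept the source mtime.
compare_copy_modes() {
    work=$(mktemp -d) || return 2
    mkdir -p "$work/src/fonts"
    printf 'constructed font data\n' > "$work/src/fonts/a.ttf"
    printf '#!/bin/sh\n' > "$work/src/hook"; chmod 755 "$work/src/hook"
    ln -s a.ttf "$work/src/fonts/default.ttf"
    touch -d '2001-01-01 00:00:00' "$work/src/fonts/a.ttf"

    cp -a "$work/src" "$work/with_a"
    cp -r "$work/src" "$work/with_r"

    tree_manifest "$work/with_a" > "$work/a.list"
    tree_manifest "$work/with_r" > "$work/r.list"
    if cmp -s "$work/a.list" "$work/r.list"; then same=yes; else same=no; fi
    m_src=$(stat -c %Y "$work/src/fonts/a.ttf")
    m_a=$(stat -c %Y "$work/with_a/fonts/a.ttf")
    m_r=$(stat -c %Y "$work/with_r/fonts/a.ttf")
    [ "$m_src" = "$m_a" ] && kept_a=yes || kept_a=no
    [ "$m_src" = "$m_r" ] && kept_r=yes || kept_r=no
    rm -rf "$work"
    echo "content_same=$same mtime_kept_a=$kept_a mtime_kept_r=$kept_r"
}

compare_copy_modes
```

Running tree_manifest over two directories produced by unmkinitramfs gives the same kind of comparison for real images.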