Package: setroubleshoot
Version: 2.0.12-2
Severity: important
Tags: patch
The way you are testing selinux's presence seems to be wrong.
r...@champaran:~$ sestatus=$(sestatus ||: 2>/dev/null)
r...@champaran:~$ echo $sestatus
SELinux status: enabled SELinuxfs mount: /selinux Current mode:
permissive Mode from config file: permissivePolicy version: 24 Policy
from config file: default
r...@champaran:~$ is_enabled=$(echo $sestatus |grep status |tr " " "\n"
|tail -n 1)
r...@champaran:~$ echo $is_enabled
default
r...@champaran:~$ echo $sestatus |grep status |tr " " "\n" |tail -n 1
default
SELinux has a simple util to check for its presence, selinuxenabled.
Here's what the manpage says:
DESCRIPTION
selinuxenabled Indicates whether SELinux is enabled or disabled.
It exits with status 0 if SELinux
is enabled and 1 if it is not enabled.
I believe not many Debian Developer's use SELinux. :-)
Otherwise this would have been caught much earlier.
Attached patch should be able to determine SELinux's presence more
reliably.
Ritesh
-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.28-custom (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages setroubleshoot depends on:
ii dbus 1.2.1-5 simple interprocess messaging syst
ii python 2.5.2-3 An interactive high-level object-o
ii python-audit 1.7.4-1 Python bindings for security audit
ii python-gtkhtml2 2.19.1-3.1 Python bindings for the GtkHTML 2
ii python-notify 0.1.1-2+b1 Python bindings for libnotify
ii python-rpm 4.4.2.3-1 Python bindings for RPM
ii python-support 0.8.7 automated rebuilding support for P
Versions of packages setroubleshoot recommends:
ii auditd 1.7.4-1 User space tools for security audi
ii policycoreutils 2.0.49-8 SELinux core policy utilities
ii selinux-policy-default 2:0.0.20080702-6 Strict and Targeted variants of th
ii setroubleshoot-plugins 2.0.12-1 Tool to help troubleshoot SELinux
setroubleshoot suggests no packages.
-- no debconf information
--- setroubleshoot.orig 2009-02-14 02:05:20.000000000 +0530
+++ setroubleshoot 2009-02-14 02:11:21.000000000 +0530
@@ -94,14 +94,19 @@
set -e
check_selinux_enabled() {
- sestatus=$(sestatus ||: 2>/dev/null)
- is_enabled=$(echo $sestatus |grep status |tr " " "\n" |tail -n 1)
-
- if [ "x$is_enabled" != "xenabled" ]; then
- echo "SElinux is disabled, doing nothing"
- exit 0
+ if ! [ -x /usr/sbin/selinuxenabled ]; then
+ echo "SELinux doesn't seem to be installed, doing nothing";
+ exit 0
+ else
+ selinuxenabled;
+ is_enabled=$?;
+
+ if [ "x$is_enabled" != "x0" ]; then
+ echo "SElinux is disabled, doing nothing"
+ exit 0
+ fi
+ return 0
fi
- return 0
}
running_pid() {
