Bug#559539: libselinux1: Selinux warnings during installation of grub-pc in clean sid chroot

Sun, 06 Dec 2009 08:31:32 -0800 

On Sun, Dec 06 2009, Clint Adams wrote:

> On Sun, Dec 06, 2009 at 08:28:37AM -0600, Manoj Srivastava wrote:
>>         All right. At this point, we don't know why this is happening,
>>  except that it is a sed call that is producing these warnings. So,
>>  there is code in sed that probably needs to be modified (though it
>>  might be some other library as well). We should involve an expert on
>>  sed internals to help us move the diagnosis of the  problem further
>>  along.
>> 
>>         Reassigning, in the hope that it gets either a fix, or
>>  reassigned to the package where it belongs.
>
> The warning indicates that is_selinux_enabled() returns true and that
> getfilecon() returns -1 and errno is set to ENODATA.
>
> So I suppose the question is why is_selinux_enabled() would return true
> on a system where it's not enabled.

        Well,  is_selinux_enabled() does this:
 A) If we are init, we look to see if the preferred mount point
    (/selinux) has a selinuxfs on it,  and if so, we say selinux is
    enabled if the kernel says so. 
 B) If not, or if we are not init, we look into /proc/mounts, and see if
    there is a selinuxfs available, if so, we ask the kernel about  the
    state of selinux, and report.

        Now, if it is a clean chroot, there should be no indication that
 there is selinux around. Of course, if the chroot mounts /proc from the
 host, and tells us lies about the state of things, then all bets are
 off, and we live with the warning messages that come from programs
 believing that the /proc we are reading is telling the truth.


>> > sed: warning: failed to get security context of /tmp/grub.zAsxTyPc8P: No 
>> > data available
>> > sed: warning: failed to get security context of /tmp/grub.zAsxTyPc8P: No 
>> > data available
>> >
>> > IMO such warnings should never be generated on a system that does not
>> > have selinux installed and active.
>> >
>> > The chroot was created on an amd64/lenny host system that does not use
>> > selinux.

        manoj
-- 
"Just the facts, Ma'am" Joe Friday
Manoj Srivastava <sriva...@acm.org> <http://www.golden-gryphon.com/>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to