reassign 559539 libselinux1 2.0.89-4 thanks On Sunday 06 December 2009, Manoj Srivastava wrote: > Could you please check what you get when you run:
Host is amd64/lenny:

$ grep selinux /proc/mounts
$

> If selinuxfs is not mounted, you should never get a true
> response from is_selinux_enabled(), and in that case i would
> appreciate a recipe for reproducing this (how was the chroot created,
> and what were you doing in the chroot, etc), and I'll get upstream
> involved in this discussion.

Info is already in the BR, but here it is in detail.

$ mkdir sid-tmp

This directory is created under ~/tmp/ in a logical volume on a LUKS encrypted partition.

$ sudo debootstrap sid sid-tmp/ http://www/debian
$ sudo chroot sid-tmp/
# export LC_ALL=C
# aptitude install grub-pc
[...]
Setting up grub-pc (1.97+20091130-1) ...
sed: warning: failed to get security context of /tmp/grub.ZMaUaRiSl3: No data available
sed: warning: failed to get security context of /tmp/grub.ZMaUaRiSl3: No data available
# ls /proc
#

So, this is with /proc unmounted in the chroot!

# aptitude purge grub-pc grub-common os-prober
# mount -t proc none /proc/
# grep selinux /proc/mounts
#
# grep selinux /proc/filesystems
#

If I repeat the installation of grub-pc now, the warnings do *not* occur, so there seems to be a bug that blindly assumes selinux is active if /proc is not mounted?

Attached an strace for one of the sed processes which shows the file accesses from libselinux1 with /proc unmounted.

Hmmm. is_selinux_enabled() in src/enabled.c has the following code which is executed if selinux_mnt is NULL:

    /* Drop back to detecting it the long way. */
    fp = fopen("/proc/filesystems", "r");
    if (!fp)
        return -1;

So, is_selinux_enabled() returns -1 here. Because -1 is non-zero, the error return makes the test in sed true, i.e. "could not determine" is treated the same as "enabled":

./sed-4.2.1/sed/execute.c:748: if (is_selinux_enabled ())

Should sed maybe explicitly test for a value of 1 (or > 0) instead?

Cheers,
FJP
close(255) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 rt_sigaction(SIGTSTP, {SIG_DFL, [], SA_RESTORER, 0x7fef678fbfd0}, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGTTIN, {SIG_DFL, [], SA_RESTORER, 0x7fef678fbfd0}, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGTTOU, {SIG_DFL, [], SA_RESTORER, 0x7fef678fbfd0}, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGINT, {SIG_DFL, [], SA_RESTORER, 0x7fef678fbfd0}, {0x456780, [], SA_RESTORER, 0x7fef678fbfd0}, 8) = 0 rt_sigaction(SIGQUIT, {SIG_DFL, [], SA_RESTORER, 0x7fef678fbfd0}, {SIG_IGN, [], SA_RESTORER, 0x7fef678fbfd0}, 8) = 0 rt_sigaction(SIGCHLD, {SIG_DFL, [], SA_RESTORER, 0x7fef678fbfd0}, {0x441b50, [], SA_RESTORER, 0x7fef678fbfd0}, 8) = 0 execve("/bin/sed", ["sed", "-i", "-re", "s...@^(GRUB_CMDLINE_LINUX=)....@\\1\"\"@", "/tmp/grub.uLO67aAI8j"], [/* 26 vars */]) = 0 brk(0) = 0xa37000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fafdf8bb000 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fafdf8b9000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=6822, ...}) = 0 mmap(NULL, 6822, PROT_READ, MAP_PRIVATE, 4, 0) = 0x7fafdf8b7000 close(4) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/libselinux.so.1", O_RDONLY) = 4 read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 ]\0\0\0\0\0\0"..., 832) = 832 fstat(4, {st_mode=S_IFREG|0644, st_size=113736, ...}) = 0 mmap(NULL, 2213640, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7fafdf483000 mprotect(0x7fafdf49e000, 2093056, PROT_NONE) = 0 mmap(0x7fafdf69d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x1a000) = 0x7fafdf69d000 mmap(0x7fafdf69f000, 1800, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fafdf69f000 close(4) = 0 
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/libc.so.6", O_RDONLY) = 4 read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\353\1\0\0\0\0\0"..., 832) = 832 fstat(4, {st_mode=S_IFREG|0755, st_size=1379752, ...}) = 0 mmap(NULL, 3487784, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7fafdf12f000 mprotect(0x7fafdf279000, 2097152, PROT_NONE) = 0 mmap(0x7fafdf479000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x14a000) = 0x7fafdf479000 mmap(0x7fafdf47e000, 18472, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fafdf47e000 close(4) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/libdl.so.2", O_RDONLY) = 4 read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\0\0\0\0\0\0"..., 832) = 832 fstat(4, {st_mode=S_IFREG|0644, st_size=14696, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fafdf8b6000 mmap(NULL, 2109696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7fafdef2b000 mprotect(0x7fafdef2d000, 2097152, PROT_NONE) = 0 mmap(0x7fafdf12d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x2000) = 0x7fafdf12d000 close(4) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fafdf8b5000 arch_prctl(ARCH_SET_FS, 0x7fafdf8b5790) = 0 mprotect(0x7fafdf12d000, 4096, PROT_READ) = 0 mprotect(0x7fafdf479000, 16384, PROT_READ) = 0 mprotect(0x7fafdf69d000, 4096, PROT_READ) = 0 mprotect(0x7fafdf8bc000, 4096, PROT_READ) = 0 munmap(0x7fafdf8b7000, 6822) = 0 statfs("/selinux", {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=2580302, f_bfree=1221990, f_bavail=1090918, f_files=655360, f_ffree=452016, f_fsid={-544761049, -1226679353}, f_namelen=255, f_frsize=4096}) = 0 brk(0) = 0xa37000 brk(0xa58000) = 0xa58000 open("/proc/filesystems", O_RDONLY) = -1 ENOENT (No such file or directory) open("//lib/charset.alias", O_RDONLY) = -1 ENOENT 
(No such file or directory) open("/tmp/grub.uLO67aAI8j", O_RDONLY) = 4 ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff8e4ba560) = -1 ENOTTY (Inappropriate ioctl for device) fstat(4, {st_mode=S_IFREG|0644, st_size=735, ...}) = 0 open("/proc/filesystems", O_RDONLY) = -1 ENOENT (No such file or directory) getxattr("/tmp/grub.uLO67aAI8j", "security.selinux", 0xa3a030, 255) = -1 ENODATA (No data available) write(2, "sed: warning: failed to get secu"..., 87) = 87 umask(0700) = 022 getpid() = 24453 open("/tmp/sedJquAgG", O_RDWR|O_CREAT|O_EXCL, 0600) = 5 umask(022) = 0700 fcntl(5, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) fstat(5, {st_mode=S_IFREG, st_size=0, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fafdf8b8000 lseek(5, 0, SEEK_CUR) = 0 fstat(4, {st_mode=S_IFREG|0644, st_size=735, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fafdf8b7000 read(4, "# If you change this file, run '"..., 4096) = 735 write(5, "# If you change this file, run '"..., 66) = 66 write(5, "# /boot/grub/grub.cfg.\n", 23) = 23 write(5, "\n", 1) = 1 write(5, "GRUB_DEFAULT=0\n", 15) = 15 write(5, "GRUB_TIMEOUT=5\n", 15) = 15 write(5, "GRUB_DISTRIBUTOR=`lsb_release -i"..., 65) = 65 write(5, "GRUB_CMDLINE_LINUX_DEFAULT=\"quie"..., 35) = 35 write(5, "GRUB_CMDLINE_LINUX=\"\"\n", 22) = 22 write(5, "\n", 1) = 1 write(5, "# Uncomment to disable graphical"..., 57) = 57 write(5, "#GRUB_TERMINAL=console\n", 23) = 23 write(5, "\n", 1) = 1 write(5, "# The resolution used on graphic"..., 44) = 44 write(5, "# note that you can use only mod"..., 76) = 76 write(5, "# you can see them in real GRUB "..., 59) = 59 write(5, "#GRUB_GFXMODE=640x480\n", 22) = 22 write(5, "\n", 1) = 1 write(5, "# Uncomment if you don't want GR"..., 78) = 78 write(5, "#GRUB_DISABLE_LINUX_UUID=true\n", 30) = 30 write(5, "\n", 1) = 1 write(5, "# Uncomment to disable generatio"..., 64) = 64 write(5, "#GRUB_DISABLE_LINUX_RECOVERY=\"tr"..., 36) = 36 read(4, "", 
4096) = 0 fchmod(5, 0100644) = 0 fchown(5, 0, 0) = 0 close(4) = 0 munmap(0x7fafdf8b7000, 4096) = 0 close(5) = 0 munmap(0x7fafdf8b8000, 4096) = 0 rename("/tmp/sedJquAgG", "/tmp/grub.uLO67aAI8j") = 0 close(1) = 0 close(2) = 0 exit_group(0) = ?