On Sun 15 May 15:08:29 2011, Roger Leigh wrote:
On Sun, May 15, 2011 at 01:41:41PM +0100, Roger Leigh wrote:
On Sat, May 14, 2011 at 06:44:29PM +0100, Martin Orr wrote:
> Directories and symlinks created as part of the /run transition are not
> labelled for SELinux. The effect is that most services fail to start on
> boot after transitioning to /run.
>
> You need to run restorecon after creating a directory or symbolic link
> in an init script or maintainer script. Attached patch does this.
>
> /run with SELinux also requires the refpolicy patch I have submitted in
> #626720. Once that is fixed, initscripts should probably have
> Breaks: selinux-policy-default (<< $FIXEDVERSION)
Hi Martin,
Is it safe to apply the patch /before/ refpolicy is updated or would
this break anything? Or is the Breaks: essential?
I could apply the patch today and then add the Breaks once refpolicy
is updated. Or I could wait until refpolicy is updated and do both
then.
If it is safe to apply now, this is my proposed patch (same as yours
with one conflict fixed):
Things are badly broken until both this patch and the refpolicy one
are applied so there is no harm by applying this patch right away. In
fact, given that the effect is a near-unbootable system it may be
worth adding an unversioned Breaks: selinux-policy-default until
refpolicy is updated.
--
Martin Orr
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
