[Pbuilder-maint] Bug#384389: pbuilder: SELinux support, first step: mount /selinux
Erich Schubert
erich at debian.org
Wed Aug 23 21:42:09 UTC 2006
Package: pbuilder
Version: 0.157
Severity: normal
Tags: patch
Hi,
currently, pbuilder won't run on SELinux systems, even in non-enforcing
("permissive") mode, where SELinux doesn't actually block any access.
I'd like to get pbuilder working for the "targeted" policy at least
(where processes can be run "unconfined").
The problem arises with some "su" command executed by pbuilder, which
asks for a password.
The workaround is simple - just mount /selinux
suggested fix:
in "/usr/lib/pbuilder/pbuilder-modules", add to mount_proc:
---
# Only on hosts where SELinux is enabled (permissive or enforcing)
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
    mkdir -p "$BUILDPLACE/selinux"
    mount -t selinuxfs /selinux "$BUILDPLACE/selinux"
fi
---
and to "umount_proc":
---
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
    umount_one "selinux"
fi
---
If I didn't mess up the if statement, this modification shouldn't have
any effect on non-SELinux systems. It has only been tested so far with
"non-enforcing" mode, I bet there is some more work to do to be able to
use pbuilder on a SELinux system which is actually enforcing the policy,
but these changes will hopefully be outside of pbuilder.
Thanks for this great app.
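
Added example (not part of the original report or of pbuilder): a check that lists selinuxfs mounts at or below a build directory, so it can be run after umount_proc to confirm nothing was left mounted in the chroot. The function names, the sample mount table and its paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: list selinuxfs mounts at or below a chroot directory.
# selinuxfs_mounts_under and sample_mounts are hypothetical helpers,
# not pbuilder functions.

# Usage: selinuxfs_mounts_under <buildplace> [mounts-table | -]
# Prints one mount point per line; returns 0 if any was found, 1 otherwise.
selinuxfs_mounts_under() {
    buildplace=${1%/}                 # drop one trailing slash
    table=${2:-/proc/mounts}
    awk -v root="$buildplace" '
        # Fields: device mountpoint fstype options dump pass
        $3 == "selinuxfs" {
            mp = $2
            # Match the directory itself or anything below it,
            # but not a sibling whose name merely shares the prefix.
            if (mp == root || index(mp, root "/") == 1) {
                print mp
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$table"
}

# Constructed sample in /proc/mounts format (paths are made up).
sample_mounts() {
    cat <<'EOF'
none /selinux selinuxfs rw 0 0
proc /var/cache/pbuilder/build/1234/proc proc rw 0 0
/selinux /var/cache/pbuilder/build/1234/selinux selinuxfs rw 0 0
/selinux /var/cache/pbuilder/build/12345/selinux selinuxfs rw 0 0
EOF
}

# Demo on the constructed table ("-" makes awk read standard input).
sample_mounts | selinuxfs_mounts_under /var/cache/pbuilder/build/1234 -
```

Without a second argument the function reads /proc/mounts, so a non-empty result after the build has finished means the selinuxfs mount was not cleaned up.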