[Reproducible-commits] [dpkg] 20/105: dpkg: Do not error out when failing to open the SE label db on permissive mode
Niko Tyni
ntyni at moszumanska.debian.org
Mon May 2 13:49:48 UTC 2016
This is an automated email from the git hooks/post-receive script.
ntyni pushed a commit to branch ntyni/reproducible_builds
in repository dpkg.
commit feaea05f7267762fe0b844e9b8d61d99a9909110
Author: Guillem Jover <guillem at debian.org>
Date: Wed Mar 16 11:53:26 2016 +0100
dpkg: Do not error out when failing to open the SE label db on permissive mode
If we are running in permissive mode (non-enforced) we should not
consider SE Linux issues as errors.
Closes: #811037
---
debian/changelog | 2 ++
src/selinux.c | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index dd063e4..d05bab8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -44,6 +44,8 @@ dpkg (1.18.5) UNRELEASED; urgency=medium
- Use it with dpkg --recursive option.
* Unify start-stop-daemon --help output with the rest of the tools.
* Search for debsig-verify in PATH instead of using an absolute path.
+ * Do not error out when failing to open the SE label db on permissive mode.
+ Closes: #811037
* Portability:
- Move DPKG_ADMINDIR environment variable name out from update-alternatives
code, to make life easier for non-dpkg-based systems.
diff --git a/src/selinux.c b/src/selinux.c
index 4d020b1..d56db16 100644
--- a/src/selinux.c
+++ b/src/selinux.c
@@ -76,7 +76,7 @@ dpkg_selabel_load(void)
}
sehandle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
- if (sehandle == NULL)
+ if (sehandle == NULL && security_getenforce() == 1)
ohshite(_("cannot get security labeling handle"));
#endif
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git
More information about the Reproducible-commits
mailing list