Debian Bug report logs - #501652
live-helper: lh_build fails if host has selinux enabled (even in permissive mode)

version graph

Package: live-helper; Maintainer for live-helper is Debian Live Project <>;

Reported by: Pierre Chifflier <>

Date: Thu, 9 Oct 2008 09:03:03 UTC

Severity: normal

Tags: patch

Found in version live-helper/1.0.1-1

Fixed in version live-helper/1.0.1-2

Done: Daniel Baumann <>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to, Debian Live <>:
Bug#501652; Package live-helper. (Thu, 09 Oct 2008 09:03:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Pierre Chifflier <>:
New Bug report received and forwarded. Copy sent to Debian Live <>. (Thu, 09 Oct 2008 09:03:09 GMT) Full text and rfc822 format available.

Message #5 received at (full text, mbox):

From: Pierre Chifflier <>
To: Debian Bug Tracking System <>
Subject: live-helper: lh_build fails if host has selinux enabled (even in permissive mode)
Date: Thu, 09 Oct 2008 11:01:29 +0200
Package: live-helper
Version: 1.0.1-1
Severity: normal
Tags: patch

lh_build fails if selinux is enabled on the host filesystem,
even in permissive mode.

This happens when some packages are trying to add or update user
informations, with the following error:
Unpacking mysql-server-5.0 (from .../mysql-server-5.0_5.0.51a-15_i386.deb) ... 
chage: Permission denied.

The solution is to mount selinux during lh_build
For ex., I modified lh_chroot_sysfs to add:
mkdir -p chroot/selinux
${LH_ROOT_COMMAND} mount none -t selinuxfs chroot/selinux

and lh_clean
${LH_ROOT_COMMAND} umount -f chroot/selinux > /dev/null 2>&1 || true

I also changed lh_binary_chroot:
if [ -f chroot/selinux/policyvers ]
        if [ "${LH_USE_FAKEROOT}" != "enabled" ]
                ${LH_ROOT_COMMAND} umount chroot/selinux
                rm -rf chroot/selinux
                mkdir -p chroot/selinux

As I am not really satisfied of the patches (especially modifying
lh_chroot_sysfs .. maybe we should add lh_chroot_selinuxfs), I am not
attaching them, but if you want I can create a patch.


-- Package-specific info:

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages live-helper depends on:
ii  debootstrap                   1.0.10     Bootstrap a basic Debian system
ii  gettext-base                  0.17-4     GNU Internationalization utilities

live-helper recommends no packages.

Versions of packages live-helper suggests:
ii  dosfstools       3.0.0-1                 utilities for making and checking 
ii  fakeroot         1.10.1                  Gives a fake root environment
ii  genext2fs        1.4.1-2.1               ext2 filesystem generator for embe
ii  genisoimage      9:1.1.8-1               Creates ISO-9660 CD-ROM filesystem
ii  grub             0.97-47                 GRand Unified Bootloader (Legacy v
ii  memtest86+       2.01-1.1                thorough real-mode memory tester
ii  mtools           3.9.11-1                Tools for manipulating MSDOS files
ii  parted           1.8.8.git.2008.03.24-10 The GNU Parted disk partition resi
ii  squashfs-tools   1:3.3-7                 Tool to create and append to squas
ii  sudo             1.6.9p17-1              Provide limited super user privile
ii  uuid-runtime     1.41.2-1                universally unique id library
ii  win32-loader     0.6.8                   Debian-Installer loader for win32

-- no debconf information

Information forwarded to, Debian Live <>:
Bug#501652; Package live-helper. (Sun, 12 Oct 2008 09:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to
Extra info received and forwarded to list. Copy sent to Debian Live <>. (Sun, 12 Oct 2008 09:12:03 GMT) Full text and rfc822 format available.

Message #10 received at (full text, mbox):

From: Daniel Baumann <>
Subject: Re: live-helper: lh_build fails if host has selinux enabled (even in permissive mode)
Date: Sun, 12 Oct 2008 11:08:38 +0200
tags 501652 +pending

should be fixed in git.

Address:        Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist

Tags added: pending Request was from Daniel Baumann <> to (Sun, 12 Oct 2008 09:12:04 GMT) Full text and rfc822 format available.

Message sent on to Pierre Chifflier <>:
Bug#501652. (Sun, 12 Oct 2008 09:12:06 GMT) Full text and rfc822 format available.

Reply sent to Daniel Baumann <>:
You have taken responsibility. (Tue, 11 Nov 2008 13:33:26 GMT) Full text and rfc822 format available.

Notification sent to Pierre Chifflier <>:
Bug acknowledged by developer. (Tue, 11 Nov 2008 13:33:27 GMT) Full text and rfc822 format available.

Message #20 received at (full text, mbox):

From: Daniel Baumann <>
Subject: Bug#501652: fixed in live-helper 1.0.1-2
Date: Tue, 11 Nov 2008 13:02:03 +0000
Source: live-helper
Source-Version: 1.0.1-2

We believe that the bug you reported is fixed in the latest version of
live-helper, which is due to be installed in the Debian FTP archive:

  to pool/main/l/live-helper/live-helper_1.0.1-2.diff.gz
  to pool/main/l/live-helper/live-helper_1.0.1-2.dsc
  to pool/main/l/live-helper/live-helper_1.0.1-2_all.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Daniel Baumann <> (supplier of updated live-helper package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Hash: SHA1

Format: 1.8
Date: Tue, 11 Nov 2008 13:00:00 +0100
Source: live-helper
Binary: live-helper
Architecture: source all
Version: 1.0.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Live <>
Changed-By: Daniel Baumann <>
 live-helper - Debian Live build scripts
Closes: 498385 499625 499656 499793 500677 500740 501652 502877
 live-helper (1.0.1-2) unstable; urgency=medium
   [ An-Cheng Huang ]
   * ignore harmless warnings from parted.
   [ Chris Lamb ]
   * Really fix LH_BOOTSTRAP="copy". Thanks to Andreas Teuchert
     <>. (Closes: #498385)
   * Ensure local packages lists are sourced over global ones (Closes: #499656)
   * Fix timing issue in create of source tarballs. Patch by Sebastian H
     <>. (Closes: #499793)
   * Additionally save the 'scripts/' subdirectory if it contains files when
     building source images.
   * Syncing options in lh_config(1) with lh_config, etc. Thanks to Luca Bruno.
   * Create a "missing-source.txt" file containing missing source packages
     instead of exiting.
   * Don't build up source package list inside chroot.
   * Install appropriate tasksel program.
   * Correcting sparc architecture detection to ensure correct source package
   * Include source for sparc-utils on that architecture.
   * Ensure all files installed via chroot_local-includes are owned by root:root.
     Thanks to Julien Cristau <>.
   * For consistency, don't preserve uid/gid for files in binary_local-includes.
   * Add utility function to call 'Exit' when script exits.
   * Print message when Exit is called.
   * Setup cleanup hook in the high-level helpers.
   * Refactor utility to locate conffiles.
   * Add utility to dump specified file to stdout.
   * Add utility to dump all conffiles to stdout.
   * Add lh_dumpconfig helper to print suitable output for pastebins and other
     remote debugging.
   [ Daniel Baumann ]
   * Adding explicit --yes to apt-get call when installing keyring packages
     (previously, this was inherited through Apt(); wrapper) (Closes: #499625).
   * Correcting wrong spelling of sl-modem-daemon in rescue list.
   * Fixing bcm43xx-fwcutter entry in rescue list, only available in etch.
   * Automatically correct LH_SETUP value if the configured losetup cannot be
   * Improving indices workaround by checking LH_BOOTSTRAP_FLAVOUR rather than
     LH_PACKAGES_LISTS in order to handle chicken-egg problem for installing
     apt-utils when having bootstrapped a minimal chroot.
   * Also accept x86_64 as alias for amd64 when checking for cross architecture
   * Adding virtualbox-ose hook.
   * Adding lh_chroot_selinuxfs helper to support building live images on a
     selinux enabled host (Closes: #501652).
   * Applying patch from Frederic Boiteux <> to support
     wildcards in rootfs exclude lists (Closes: #500677).
   * Making removal stage of lh_chroot_selinuxfs dependent on the existence of
     /selinux, otherwise that directory would be always created in the chroot.
   * Manually setting owner of /etc/skel to root.
   * Making sure /etc/sudoers has right owner/permissions.
   * Using simplified Require_stagefile(); calls by passing multiple arguments.
   * Enforcing lh_config to be run before lh_build, see also (Closes: #500740).
   * Updating version number in
   * Removing LIVE_* grep from Exit(); as we have switched to LH_* variables long
     time ago.
   * Adding unmount calls for pseudo-filesystems in Exit();.
   * Excluding ipppd from rescue list due to #502693.
   * Correcting intendation in
   * Adjusting code style of lh_dumpconfig.
   * Merging lh_dumpconfig into lh_config as --dump parameter.
   * Updating Debian Forensics packages in rescue list.
   * Using dd rather than cat to write mbr.bin to usb-hdd images; dd is more
     robust in case mbr.bin is corrupted.
   * Improving version output of lh_config --dump.
   * Removing double cryptsetup entry in rescue list.
   * Adding lsof in rescue list.
   * Updating to match internal namespace of included functions.
   * Marking grub and lilo in rescue list as amd64 and i386 only.
   * Grouping bootloaders in rescue list.
   * Adding hppa bootloader to rescue list.
   * Renaming internal Read_conffile(); to Read_conffiles(); for consistency
   * Generalizing internal Chroot(); by requiring its first argument to be the
     chroot directory.
   * Don't use set -e in sourced functions, this is the job of the actual
     executed script.
   * Check for availability of gettext at runtime, and only use it if existing.
   * Updating color functions.
   * Adding armel to architecture specific checks.
   * Slightly reordering genisoimage option assembling.
   * Slightely improving wording of the 'bootloader not yet supported' when
     creating images.
   * Updating signals in exit and lockfile traps.
   * Syncing internal lockfile functions.
   * Syncing internal l10n functions.
   * Generalizing internal LH_L10N variable.
   * Generalizing internal LH_FORCE variable.
   * Generalizing internal LH_DEBUG variable.
   * Generalizing internal LH_QUIET variable.
   * Generalizing internal LH_VERBOSE variable.
   * Generalizing internal LH_BREAKPOINTS variable.
   * Implementing colorful output (currently disabled by default, though).
   * Cleaning up code of 'lh' short helper.
   * Correcting manpage section reference in a comment in lh.
   * Removing double warning symbol.
   * Also checking for gettext catalogs to be installed before enabling l10n.
   * Using package variable to refere internally to live-helper.
   * Generalizing internal LH_CONFFILE variable.
   * Replacing obsolete dh_clean -k with dh_prep.
   [ Marco Amadori ]
   * lh_config --help and manpage 'copy' mention.
   * Ensure lh_binary_debian-installer includes local debs (Closes: #502877)
   [ Maximilian Gass ]
   * Only install memtest in lh_binary_syslinux if enabled.
   [ Kai Hendry ]
   * Removing etch-only madwifi-doc package from madwifi example hook.
 503539d95abd9732802ac3590bbb5e16f536cdc9 1239 live-helper_1.0.1-2.dsc
 007e7ba6226bf6e4c0c5272ed243b30e0317d4b9 37922 live-helper_1.0.1-2.diff.gz
 76307a55ffcf95be88f53eaba267f02619ac6e5b 1857734 live-helper_1.0.1-2_all.deb
 09b455210ec0b4c539ac2dc9c9a5446badc7dc0f2da7bfb1cd31303d1207ba7e 1239 live-helper_1.0.1-2.dsc
 bbcddc8f632e649016f48f239160b336dfe680d1d180039e52946b739334aadb 37922 live-helper_1.0.1-2.diff.gz
 4be79b70b49db0da0953271273619b046ed21524a5d981e8d87d1300ea7b23c9 1857734 live-helper_1.0.1-2_all.deb
 e39d82ca8ba3fa6037eb1b84d7e5a933 1239 misc optional live-helper_1.0.1-2.dsc
 124e698c02f4036b2bbcf31b97412a69 37922 misc optional live-helper_1.0.1-2.diff.gz
 01e07f1b7f0c201b3fd21764f125900c 1857734 misc optional live-helper_1.0.1-2_all.deb

Version: GnuPG v1.4.9 (GNU/Linux)


Bug archived. Request was from Debbugs Internal Request <> to (Wed, 17 Dec 2008 07:28:33 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.

Debian bug tracking system administrator <>. Last modified: Sat Apr 19 20:56:10 2014; Machine Name:

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.