Debian Bug report logs - #580272
sysvinit: Does not load SELinux policy

Package: sysvinit; Maintainer for sysvinit is Debian sysvinit maintainers <debian-init-diversity@chiark.greenend.org.uk>;

Reported by: Martin Orr <martin@martinorr.name>

Date: Tue, 4 May 2010 22:18:02 UTC

Severity: important

Found in version sysvinit/2.88dsf-2

Fixed in versions sysvinit/2.88dsf-3, sysvinit/2.88dsf-4

Done: Petter Reinholdtsen <pere@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>:
Bug#580272; Package sysvinit. (Tue, 04 May 2010 22:18:05 GMT).

Acknowledgement sent to Martin Orr <martin@martinorr.name>:
New Bug report received and forwarded. Copy sent to Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>. (Tue, 04 May 2010 22:18:05 GMT).

Message #5 received at submit@bugs.debian.org:

From: Martin Orr <martin@martinorr.name>
To: submit@bugs.debian.org
Subject: sysvinit: Does not load SELinux policy
Date: Tue, 04 May 2010 23:08:37 +0100
Package: sysvinit
Version: 2.88dsf-2
Severity: important

I have a sid system with SELinux enabled (custom kernel, with an initrd).
sysvinit 2.88 from experimental does not mount /selinux or load the 
SELinux policy on boot.

With sysvinit 2.87dsf-10, all is fine.  I get messages like the 
following on screen immediately before "INIT: version 2.86 booting"
type=1404 audit(1268846390.590:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295
type=1403 audit(1268846390.909:3): policy loaded auid=4294967295 ses=4294967295

With sysvinit 2.88dsf-2 there are no such messages and policy is never loaded.



-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.33 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sysvinit depends on:
ii  initscripts                   2.88dsf-2  scripts for initializing and shutt
ii  libc6                         2.11-0exp7 Embedded GNU C Library: Shared lib
ii  libselinux1                   2.0.94-1   SELinux runtime shared libraries
ii  libsepol1                     2.0.40-2   SELinux library for manipulating b
ii  sysv-rc                       2.88dsf-2  System-V-like runlevel change mech
ii  sysvinit-utils                2.88dsf-2  System-V-like utilities

sysvinit recommends no packages.

sysvinit suggests no packages.

-- no debconf information





Information forwarded to debian-bugs-dist@lists.debian.org, Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>:
Bug#580272; Package sysvinit. (Wed, 05 May 2010 19:09:12 GMT).

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>. (Wed, 05 May 2010 19:09:12 GMT).

Message #10 received at 580272@bugs.debian.org:

From: Petter Reinholdtsen <pere@hungry.com>
To: Martin Orr <martin@martinorr.name>, 580272@bugs.debian.org
Subject: Re: Bug#580272: sysvinit: Does not load SELinux policy
Date: Wed, 5 May 2010 21:07:23 +0200
[Martin Orr]
> With sysvinit 2.88dsf-2 there are no such messages and policy is
> never loaded.

Hm, that is nasty.  Any idea what is wrong with the relevant code in
src/init.d?  The current one looks like this:

#ifdef WITH_SELINUX
        if (getenv("SELINUX_INIT") == NULL) {
          const int rc = mount("proc", "/proc", "proc", 0, 0);
          if (is_selinux_enabled() > 0) {
            putenv("SELINUX_INIT=YES");
            if (rc == 0) umount2("/proc", MNT_DETACH);
            if (selinux_init_load_policy(&enforce) == 0) {
              execv(myname, argv);
            } else {
              if (enforce > 0) {
                /* SELinux in enforcing mode but load_policy failed */
                /* At this point, we probably can't open /dev/console, so log() won't work */
                fprintf(stderr,"Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.\n");
                exit(1);
              }
            }
          }
          if (rc == 0) umount2("/proc", MNT_DETACH);
        }
#endif

I do not know the selinux stuff myself, so I need help from someone
who can test fixes. :)

Happy hacking,
-- 
Petter Reinholdtsen




Information forwarded to debian-bugs-dist@lists.debian.org, Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>:
Bug#580272; Package sysvinit. (Thu, 06 May 2010 22:33:03 GMT).

Acknowledgement sent to Martin Orr <martin@martinorr.name>:
Extra info received and forwarded to list. Copy sent to Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>. (Thu, 06 May 2010 22:33:03 GMT).

Message #15 received at 580272@bugs.debian.org:

From: Martin Orr <martin@martinorr.name>
To: Petter Reinholdtsen <pere@hungry.com>
Cc: 580272@bugs.debian.org
Subject: Re: Bug#580272: sysvinit: Does not load SELinux policy
Date: Thu, 06 May 2010 23:32:06 +0100
On Wed  5 May 20:07:23 2010, Petter Reinholdtsen wrote:

> [Martin Orr]
>> With sysvinit 2.88dsf-2 there are no such messages and policy is
>> never loaded.
>
> Hm, that is nasty.  Any idea what is wrong with the relevant code in
> src/init.d?  The current one looks like this:

The differences between the old and new code are:
- the sense of the is_selinux_enabled() test is reversed
- /proc is mounted, but I think that this is irrelevant in my case 
because /proc should be already mounted by the initrd.

Presumably the thinking here is that is_selinux_enabled() should return 
1 on a system configured to use SELinux, 0 otherwise, and that the test 
was previously broken because of not mounting /proc.  However 
is_selinux_enabled() only returns 1 after a policy has been loaded, so 
it is of no use to init in trying to find out whether it should load an 
initial policy.

> I do not know the selinux stuff myself, so I need help from someone
> who can test fixes. :)

I am happy to test things.  I shall ask on the SELinux list and with 
init upstream what init should be happening here.

Best wishes,
Martin Orr






Information forwarded to debian-bugs-dist@lists.debian.org, Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>:
Bug#580272; Package sysvinit. (Fri, 07 May 2010 07:30:03 GMT).

Acknowledgement sent to "Dr. Werner Fink" <werner@suse.de>:
Extra info received and forwarded to list. Copy sent to Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>. (Fri, 07 May 2010 07:30:03 GMT).

Message #20 received at 580272@bugs.debian.org:

From: "Dr. Werner Fink" <werner@suse.de>
To: Petter Reinholdtsen <pere@hungry.com>
Cc: sysvinit-devel@nongnu.org, Martin Orr <martin@martinorr.name>, 580272@bugs.debian.org
Subject: Re: [sysvinit-devel] sysvinit do not enable SELinux when it should
Date: Fri, 7 May 2010 09:08:52 +0200
On Fri, May 07, 2010 at 08:25:28AM +0200, Petter Reinholdtsen wrote:
> According to <URL: http://bugs.debian.org/580272 >, the sysvinit code
> to enable SELinux is broken.  Werner, you implemented the current
> version.  Do you have any idea how it should be fixed?

The only change from the old version is the check for the
return value of is_selinux_enabled() ... here is the old code:

   if (getenv("SELINUX_INIT") == NULL && !is_selinux_enabled()) {
           putenv("SELINUX_INIT=YES");
           if (selinux_init_load_policy(&enforce) == 0 ) {
                   execv(myname, argv);
           } else {
                   if (enforce > 0) {
                           /* SELinux in enforcing mode but load_policy failed */
                           /* At this point, we probably can't open /dev/console, so log() won't work */
                           printf("Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.\n");
                           exit(1);
                   }
           }
   }

and now the new code

   if (getenv("SELINUX_INIT") == NULL) {
     const int rc = mount("proc", "/proc", "proc", 0, 0);
     if (is_selinux_enabled() > 0) {
       putenv("SELINUX_INIT=YES");
       if (rc == 0) umount2("/proc", MNT_DETACH);
       if (selinux_init_load_policy(&enforce) == 0) {
         execv(myname, argv);
       } else {
         if (enforce > 0) {
           /* SELinux in enforcing mode but load_policy failed */
           /* At this point, we probably can't open /dev/console, so log() won't work */
           fprintf(stderr,"Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.\n");
           exit(1);
         }
       }
     }
     if (rc == 0) umount2("/proc", MNT_DETACH);
   }

As can be seen, the check of the return value of selinux_init_load_policy()
has not changed, but the check of the return value of is_selinux_enabled() has;
this was done due to a bug report, as is_selinux_enabled() may return -1 on an
error (/proc not mounted due to not using an initrd), and the resulting `!-1' leads
to a policy that is not loaded.

Just read the short manual page of is_selinux_enabled(3):

  is_selinux_enabled(3)      SELinux API documentation     is_selinux_enabled(3)

  NAME
       is_selinux_enabled - check whether SELinux is enabled

  NAME
       is_selinux_mls_enabled  -  check  whether SELinux is enabled for (Multi
       Level Securty) MLS

  SYNOPSIS
       #include <selinux/selinux.h>

       int is_selinux_enabled();

       int is_selinux_mls_enabled();

  DESCRIPTION
       is_selinux_enabled returns 1 if SELinux is running or 0 if it is not.

       is_selinux_mls_enabled returns 1 if SELinux is running in MLS mode or 0
       if it is not.

  SEE ALSO
       selinux(8)

  russell@coker.com.au            1 January 2004           is_selinux_enabled(3)

and in the source code I've found that in case /proc is not mounted the
function is_selinux_enabled(3) indeed also returns a -1 (or better, if it is not
able to open /proc/filesystems for reading).

As selinux_init_load_policy() also mounts the selinuxfs, I guess that
we should check for

    is_selinux_enabled() == 0

Martin? Does this work for you?

         Werner

-- 
  "Having a smoking section in a restaurant is like having
          a peeing section in a swimming pool." -- Edward Burr




Information forwarded to debian-bugs-dist@lists.debian.org, Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>:
Bug#580272; Package sysvinit. (Fri, 07 May 2010 08:21:08 GMT).

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>. (Fri, 07 May 2010 08:21:08 GMT).

Message #25 received at 580272@bugs.debian.org:

From: Petter Reinholdtsen <pere@hungry.com>
To: Martin Orr <martin@martinorr.name>, 580272@bugs.debian.org
Subject: Re: Bug#580272: sysvinit: Does not load SELinux policy
Date: Fri, 7 May 2010 10:17:53 +0200
[Martin Orr]
> I am happy to test things.  I shall ask on the SELinux list and with
> init upstream what init should be happening here.

Great.  I have already asked on the upstream mailing list, see
<URL: http://lists.nongnu.org/archive/html/sysvinit-devel/2010-05/msg00000.html >.

Happy hacking,
-- 
Petter Reinholdtsen




Information forwarded to debian-bugs-dist@lists.debian.org, Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>:
Bug#580272; Package sysvinit. (Fri, 07 May 2010 08:27:06 GMT).

Acknowledgement sent to "Dr. Werner Fink" <werner@suse.de>:
Extra info received and forwarded to list. Copy sent to Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>. (Fri, 07 May 2010 08:27:06 GMT).

Message #30 received at 580272@bugs.debian.org:

From: "Dr. Werner Fink" <werner@suse.de>
To: Petter Reinholdtsen <pere@hungry.com>, 580272@bugs.debian.org
Cc: Martin Orr <martin@martinorr.name>
Subject: Re: Bug#580272: sysvinit: Does not load SELinux policy
Date: Fri, 7 May 2010 10:25:12 +0200
On Fri, May 07, 2010 at 10:17:53AM +0200, Petter Reinholdtsen wrote:
> [Martin Orr]
> > I am happy to test things.  I shall ask on the SELinux list and with
> > init upstream what init should be happening here.
> 
> Great.  I have already asked on the upstream mailing list, see
> <URL: http://lists.nongnu.org/archive/html/sysvinit-devel/2010-05/msg00000.html >.

I'd like to see if it makes a difference to change

       if (is_selinux_enabled() > 0) {

to

       if (is_selinux_enabled() == 0) {

as this may enforce the call of selinux_init_load_policy()

Martin?  Does this change work for you?

    Werner

-- 
  "Having a smoking section in a restaurant is like having
          a peeing section in a swimming pool." -- Edward Burr




Information forwarded to debian-bugs-dist@lists.debian.org, Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>:
Bug#580272; Package sysvinit. (Fri, 07 May 2010 18:27:03 GMT).

Acknowledgement sent to Martin Orr <martin@martinorr.name>:
Extra info received and forwarded to list. Copy sent to Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>. (Fri, 07 May 2010 18:27:03 GMT).

Message #35 received at 580272@bugs.debian.org:

From: Martin Orr <martin@martinorr.name>
To: selinux@tycho.nsa.gov, sysvinit-devel@nongnu.org
Cc: 580272@bugs.debian.org
Subject: sysvinit 2.88 and SELinux policy
Date: Fri, 07 May 2010 19:24:27 +0100
With sysvinit 2.88 my SELinux policy is not loaded on boot; with 
sysvinit 2.87 everything worked fine.  I am running Debian; my 
initramfs mounts /proc but does not know about SELinux.

Here are the two pieces of code:

Old code:
   if (getenv("SELINUX_INIT") == NULL && !is_selinux_enabled()) {
           putenv("SELINUX_INIT=YES");
           if (selinux_init_load_policy(&enforce) == 0 ) {
                   execv(myname, argv);
           } else {
                   if (enforce > 0) {
                           /* SELinux in enforcing mode but load_policy failed */
                           /* At this point, we probably can't open /dev/console, so log() won't work */
                           printf("Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.\n");
                           exit(1);
                   }
           }
   }


New code:
   if (getenv("SELINUX_INIT") == NULL) {
     const int rc = mount("proc", "/proc", "proc", 0, 0);
     if (is_selinux_enabled() > 0) {
       putenv("SELINUX_INIT=YES");
       if (rc == 0) umount2("/proc", MNT_DETACH);
       if (selinux_init_load_policy(&enforce) == 0) {
         execv(myname, argv);
       } else {
         if (enforce > 0) {
           /* SELinux in enforcing mode but load_policy failed */
           /* At this point, we probably can't open /dev/console, so log() won't work */
           fprintf(stderr,"Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.\n");
           exit(1);
         }
       }
     }
     if (rc == 0) umount2("/proc", MNT_DETACH);
   }

The differences here are that the new code ensures that /proc is 
mounted, and !is_selinux_enabled() becomes (is_selinux_enabled() > 0).

I think the change was due to this:
http://thread.gmane.org/gmane.comp.security.selinux/13320
(is_selinux_enabled() returns -1 if /proc not mounted).

I am not clear what the purpose of this is_selinux_enabled() check is: 
is it to avoid loading policy if policy has already been loaded by the 
initramfs, or is it to find out whether the system has been configured 
to use SELinux?

If it is the first, then I think the test should be put back to 
!is_selinux_enabled() - since init ensures /proc is mounted that should 
work with or without an initramfs.

If it is the second, then is_selinux_enabled() can't tell you that 
because it only returns 1 after a policy has been loaded.

Best wishes,
Martin





Information forwarded to debian-bugs-dist@lists.debian.org, Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>:
Bug#580272; Package sysvinit. (Sat, 08 May 2010 07:15:03 GMT).

Acknowledgement sent to Michal Svoboda <michal.svoboda@agents.felk.cvut.cz>:
Extra info received and forwarded to list. Copy sent to Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>. (Sat, 08 May 2010 07:15:03 GMT).

Message #40 received at 580272@bugs.debian.org:

From: Michal Svoboda <michal.svoboda@agents.felk.cvut.cz>
To: Martin Orr <martin@martinorr.name>
Cc: selinux@tycho.nsa.gov, sysvinit-devel@nongnu.org, 580272@bugs.debian.org
Subject: Re: sysvinit 2.88 and SELinux policy
Date: Sat, 8 May 2010 09:11:14 +0200
[Message part 1 (text/plain, inline)]
Martin Orr wrote:
> The differences here are that the new code ensures that /proc is
> mounted, and !is_selinux_enabled() becomes (is_selinux_enabled() >
> 0).
 
> I think the change was due to this:
> http://thread.gmane.org/gmane.comp.security.selinux/13320
> (is_selinux_enabled() returns -1 if /proc not mounted).

They might have been inspired by it, but it is a completely different
fix than I proposed. 

In the original context, the C expression "!is_selinux_enabled()"
means "is_selinux_enabled() == 0". However, the function is tristate, as
its return values are -1, 0, and 1. In addition to 0, we also want -1 to
execute the code block below, so the expression becomes
"(foo = is_selinux_enabled(), foo == 0 || foo == -1)", or simply put
"is_selinux_enabled() != 1".

And why do we want that? Because the function checks if we already have a
policy loaded in the kernel. 1 means yes, 0 means no and -1 means no as
well. No need to mess with mounting /proc ;-)


Michal Svoboda

[Message part 2 (application/pgp-signature, inline)]
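
The four tests discussed in this thread, compared side by side in an added example (not sysvinit code and not written by any participant). It replaces the libselinux calls with constructed return values; the names `first_pass`, `count_correct` and the scenario table are assumptions made for the illustration.

```c
/* Added illustration, not sysvinit code: the SELinux bootstrap branch of
 * init, modelled with constructed inputs instead of real libselinux calls. */
#include <stdio.h>

/* is_selinux_enabled() results as described in the thread. */
enum { SE_ERROR = -1, SE_NO_POLICY = 0, SE_POLICY_LOADED = 1 };

typedef enum {
    TEST_NOT,      /* !is_selinux_enabled()      old code            */
    TEST_GT_ZERO,  /* is_selinux_enabled() > 0   new code, 2.88dsf-2 */
    TEST_EQ_ZERO,  /* is_selinux_enabled() == 0  suggested in thread */
    TEST_NE_ONE,   /* is_selinux_enabled() != 1  patch under test    */
    TEST_COUNT
} test_kind;

const char *const test_text[TEST_COUNT] = {
    "!is_selinux_enabled()", "is_selinux_enabled() > 0",
    "is_selinux_enabled() == 0", "is_selinux_enabled() != 1"
};

typedef enum {
    OUT_BOOT_NO_POLICY,     /* boot continues with no policy in the kernel */
    OUT_BOOT_POLICY_KEPT,   /* policy loaded by the initrd is left alone   */
    OUT_REEXEC_WITH_POLICY, /* init loaded policy and re-executed itself   */
    OUT_HALT                /* load failed in enforcing mode, exit(1)      */
} outcome;

struct boot {
    const char *name;
    int enabled;      /* value is_selinux_enabled() hands to the test   */
    int load_rc;      /* value selinux_init_load_policy() would return  */
    int enforce;      /* enforce value it would report                  */
    outcome desired;  /* what a correct init should end up doing        */
};

/* Constructed scenarios, not captured from a real system. The 2.88dsf-2
 * code mounted /proc first, so it would normally see 0 rather than -1 in
 * the first and last rows; the result of its "> 0" test is the same. */
const struct boot boots[] = {
    { "no initrd, /proc unreadable",  SE_ERROR,          0, 1, OUT_REEXEC_WITH_POLICY },
    { "initrd without SELinux",       SE_NO_POLICY,      0, 1, OUT_REEXEC_WITH_POLICY },
    { "initrd already loaded policy", SE_POLICY_LOADED,  0, 1, OUT_BOOT_POLICY_KEPT },
    { "load fails while enforcing",   SE_ERROR,         -1, 1, OUT_HALT },
};
#define NBOOTS ((int)(sizeof boots / sizeof boots[0]))

/* Does the given test let init enter the policy-loading block? */
int wants_load(test_kind t, int enabled)
{
    switch (t) {
    case TEST_NOT:     return !enabled;       /* !(-1) is 0: error skips the load */
    case TEST_GT_ZERO: return enabled > 0;    /* true only once policy is loaded  */
    case TEST_EQ_ZERO: return enabled == 0;   /* same truth table as TEST_NOT     */
    case TEST_NE_ONE:  return enabled != 1;   /* -1 and 0 both mean "not loaded"  */
    default:           return 0;
    }
}

/* First pass through the block, i.e. SELINUX_INIT is not yet set. */
outcome first_pass(test_kind t, const struct boot *b)
{
    if (!wants_load(t, b->enabled))
        return b->enabled == SE_POLICY_LOADED ? OUT_BOOT_POLICY_KEPT
                                              : OUT_BOOT_NO_POLICY;
    if (b->load_rc == 0)
        return OUT_REEXEC_WITH_POLICY;
    return b->enforce > 0 ? OUT_HALT : OUT_BOOT_NO_POLICY;
}

/* Number of scenarios in which the test leads to the desired outcome. */
int count_correct(test_kind t)
{
    int i, ok = 0;
    for (i = 0; i < NBOOTS; i++)
        if (first_pass(t, &boots[i]) == boots[i].desired)
            ok++;
    return ok;
}

int main(void)
{
    int t;
    for (t = 0; t < TEST_COUNT; t++)
        printf("%-28s %d/%d scenarios end as intended\n",
               test_text[t], count_correct((test_kind)t), NBOOTS);
    return 0;
}
```

Only the `!= 1` form reaches the intended outcome in every row; `!x` and `== 0` both skip the load when the function reports an error, and `> 0` enters the block only when a policy is already present.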

Information forwarded to debian-bugs-dist@lists.debian.org, Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>:
Bug#580272; Package sysvinit. (Wed, 12 May 2010 12:21:05 GMT).

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>. (Wed, 12 May 2010 12:21:06 GMT).

Message #45 received at 580272@bugs.debian.org:

From: Petter Reinholdtsen <pere@hungry.com>
To: Martin Orr <martin@martinorr.name>, selinux@tycho.nsa.gov, sysvinit-devel@nongnu.org, 580272@bugs.debian.org
Subject: Re: [Pkg-sysvinit-devel] Bug#580272: sysvinit 2.88 and SELinux policy
Date: Wed, 12 May 2010 14:17:46 +0200
[Michal Svoboda]
> And why do we want that? Because the function checks if we already have
> a policy loaded in the kernel. 1 means yes, 0 means no and -1 means
> no as well. No need to mess with mounting /proc ;-)

Can you test this patch and let me know if it works?

Index: src/init.c
===================================================================
--- src/init.c  (revision 1888)
+++ src/init.c  (working copy)
@@ -54,10 +54,6 @@

 #ifdef WITH_SELINUX
 #  include <selinux/selinux.h>
-#  include <sys/mount.h>
-#  ifndef MNT_DETACH /* present in glibc 2.10, missing in 2.7 */
-#    define MNT_DETACH 2
-#  endif
 #endif

 #ifdef __i386__
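
Review bot: dropping `<sys/mount.h>` and the `MNT_DETACH` fallback in this hunk is only safe if nothing else in src/init.c still calls mount() or umount2(). The later hunks remove the three visible uses, but the rest of the file is outside this diff, so a grep for `mount(`, `umount2(` and `MNT_DETACH` before committing would confirm the include is dead.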
@@ -2869,11 +2865,9 @@

 #ifdef WITH_SELINUX
        if (getenv("SELINUX_INIT") == NULL) {
-         const int rc = mount("proc", "/proc", "proc", 0, 0);
-         if (is_selinux_enabled() > 0) {
-           putenv("SELINUX_INIT=YES");
-           if (rc == 0) umount2("/proc", MNT_DETACH);
+         if (is_selinux_enabled() != 1) {
            if (selinux_init_load_policy(&enforce) == 0) {
+             putenv("SELINUX_INIT=YES");
              execv(myname, argv);
            } else {
              if (enforce > 0) {
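
Review bot: the new test `is_selinux_enabled() != 1` deliberately treats the -1 error return the same as 0, and nothing in the code says so. A short comment above the `if` stating that both -1 and 0 mean "no policy loaded yet" would keep a later reader from changing it back to `> 0` or `!`. Since `putenv("SELINUX_INIT=YES")` now sits directly before `execv(myname, argv)`, it is also worth checking the execv() return: if it fails, the process carries on booting with the variable set and no message.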
@@ -2884,7 +2878,6 @@
              }
            }
          }
-         if (rc == 0) umount2("/proc", MNT_DETACH);
        }
 #endif
        /* Start booting. */
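
Review bot: with the trailing `umount2()` removed, the closing braces here fall straight through to `/* Start booting. */`, and the `else` branch in the previous hunk only acts when `enforce > 0`. A failed selinux_init_load_policy() on a non-enforcing system therefore continues the boot with no message at all; an `fprintf(stderr, ...)` warning in that branch would make a missing policy visible at boot time.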

Happy hacking,
-- 
Petter Reinholdtsen




Reply sent to Petter Reinholdtsen <pere@debian.org>:
You have taken responsibility. (Wed, 12 May 2010 21:57:06 GMT).

Notification sent to Martin Orr <martin@martinorr.name>:
Bug acknowledged by developer. (Wed, 12 May 2010 21:57:06 GMT).

Message #50 received at 580272-close@bugs.debian.org:

From: Petter Reinholdtsen <pere@debian.org>
To: 580272-close@bugs.debian.org
Subject: Bug#580272: fixed in sysvinit 2.88dsf-3
Date: Wed, 12 May 2010 21:56:32 +0000
Source: sysvinit
Source-Version: 2.88dsf-3

We believe that the bug you reported is fixed in the latest version of
sysvinit, which is due to be installed in the Debian FTP archive:

initscripts_2.88dsf-3_i386.deb
  to main/s/sysvinit/initscripts_2.88dsf-3_i386.deb
sysv-rc_2.88dsf-3_all.deb
  to main/s/sysvinit/sysv-rc_2.88dsf-3_all.deb
sysvinit-utils_2.88dsf-3_i386.deb
  to main/s/sysvinit/sysvinit-utils_2.88dsf-3_i386.deb
sysvinit_2.88dsf-3.diff.gz
  to main/s/sysvinit/sysvinit_2.88dsf-3.diff.gz
sysvinit_2.88dsf-3.dsc
  to main/s/sysvinit/sysvinit_2.88dsf-3.dsc
sysvinit_2.88dsf-3_i386.deb
  to main/s/sysvinit/sysvinit_2.88dsf-3_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 580272@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Petter Reinholdtsen <pere@debian.org> (supplier of updated sysvinit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 12 May 2010 21:36:01 +0200
Source: sysvinit
Binary: sysvinit sysvinit-utils sysv-rc initscripts
Architecture: source i386 all
Version: 2.88dsf-3
Distribution: experimental
Urgency: low
Maintainer: Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>
Changed-By: Petter Reinholdtsen <pere@debian.org>
Description: 
 initscripts - scripts for initializing and shutting down the system
 sysv-rc    - System-V-like runlevel change mechanism
 sysvinit   - System-V-like init utilities
 sysvinit-utils - System-V-like utilities
Closes: 576788 580272 580298
Changes: 
 sysvinit (2.88dsf-3) experimental; urgency=low
 .
   * New 30_killall5_hurd.patch to fix build problem on Hurd.  Patch
     from Werner Fink.
   * Fix typo in invoke-rc.d (Closes: #580298).
   * Switch to concurrent booting by default, when dependency based
     boot sqeuencing is enabled.  Make shell and startpar concurrency
     aliases for makefile style concurrency, as both are obsolete now.
   * Add 64_init_selinux_enabled.patch to try to fix the logic used to
     enable SELinux (Closes: #580272).
   * Mention the LSB style header now required for init.d scripts in
     /etc/init.d/README (Closes: #576788).





Information forwarded to debian-bugs-dist@lists.debian.org, Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>:
Bug#580272; Package sysvinit. (Wed, 12 May 2010 22:21:07 GMT).

Acknowledgement sent to Martin Orr <martin@martinorr.name>:
Extra info received and forwarded to list. Copy sent to Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>. (Wed, 12 May 2010 22:21:07 GMT).

Message #55 received at 580272@bugs.debian.org:

From: Martin Orr <martin@martinorr.name>
To: Petter Reinholdtsen <pere@hungry.com>
Cc: selinux@tycho.nsa.gov, sysvinit-devel@nongnu.org, 580272@bugs.debian.org
Subject: Re: [Pkg-sysvinit-devel] Bug#580272: sysvinit 2.88 and SELinux policy
Date: Wed, 12 May 2010 23:18:21 +0100
On Wed 12 May 13:17:46 2010, Petter Reinholdtsen wrote:

> [Michal Svoboda]
>> And why do we want that? Because the function checks if we already have
>> a policy loaded in the kernel. 1 means yes, 0 means no and -1 means
>> no as well. No need to mess with mounting /proc ;-)
>
> Can you test this patch and let me know if it works?

This patch works for me, and so far as I understand things it should 
cover all the cases (no initrd, non-SELinux aware initrd, initrd that 
loads SELinux policy) though I only tested the non-SELinux aware initrd 
case.

Thanks,
Martin Orr

> Index: src/init.c
> ===================================================================
> --- src/init.c  (revision 1888)
> +++ src/init.c  (working copy)
> @@ -54,10 +54,6 @@
>
>  #ifdef WITH_SELINUX
>  #  include <selinux/selinux.h>
> -#  include <sys/mount.h>
> -#  ifndef MNT_DETACH /* present in glibc 2.10, missing in 2.7 */
> -#    define MNT_DETACH 2
> -#  endif
>  #endif
>
>  #ifdef __i386__
> @@ -2869,11 +2865,9 @@
>
>  #ifdef WITH_SELINUX
>         if (getenv("SELINUX_INIT") == NULL) {
> -         const int rc = mount("proc", "/proc", "proc", 0, 0);
> -         if (is_selinux_enabled() > 0) {
> -           putenv("SELINUX_INIT=YES");
> -           if (rc == 0) umount2("/proc", MNT_DETACH);
> +         if (is_selinux_enabled() != 1) {
>             if (selinux_init_load_policy(&enforce) == 0) {
> +             putenv("SELINUX_INIT=YES");
>               execv(myname, argv);
>             } else {
>               if (enforce > 0) {
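
Review bot: the `is_selinux_enabled() != 1` test in this hunk changes behaviour on all three boot paths named in the reply above, but only the non-SELinux-aware initrd case was booted. The no-initrd path (now without the /proc mount) and the path where the initrd has already loaded policy (block skipped) each need a test boot before the change is treated as verified.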
> @@ -2884,7 +2878,6 @@
>               }
>             }
>           }
> -         if (rc == 0) umount2("/proc", MNT_DETACH);
>         }
>  #endif
>         /* Start booting. */








Reply sent to Petter Reinholdtsen <pere@debian.org>:
You have taken responsibility. (Fri, 14 May 2010 22:09:17 GMT).

Notification sent to Martin Orr <martin@martinorr.name>:
Bug acknowledged by developer. (Fri, 14 May 2010 22:09:17 GMT).

Message #60 received at 580272-close@bugs.debian.org:

From: Petter Reinholdtsen <pere@debian.org>
To: 580272-close@bugs.debian.org
Subject: Bug#580272: fixed in sysvinit 2.88dsf-4
Date: Fri, 14 May 2010 22:07:19 +0000
Source: sysvinit
Source-Version: 2.88dsf-4

We believe that the bug you reported is fixed in the latest version of
sysvinit, which is due to be installed in the Debian FTP archive:

initscripts_2.88dsf-4_i386.deb
  to main/s/sysvinit/initscripts_2.88dsf-4_i386.deb
sysv-rc_2.88dsf-4_all.deb
  to main/s/sysvinit/sysv-rc_2.88dsf-4_all.deb
sysvinit-utils_2.88dsf-4_i386.deb
  to main/s/sysvinit/sysvinit-utils_2.88dsf-4_i386.deb
sysvinit_2.88dsf-4.diff.gz
  to main/s/sysvinit/sysvinit_2.88dsf-4.diff.gz
sysvinit_2.88dsf-4.dsc
  to main/s/sysvinit/sysvinit_2.88dsf-4.dsc
sysvinit_2.88dsf-4_i386.deb
  to main/s/sysvinit/sysvinit_2.88dsf-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 580272@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Petter Reinholdtsen <pere@debian.org> (supplier of updated sysvinit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 14 May 2010 21:39:27 +0200
Source: sysvinit
Binary: sysvinit sysvinit-utils sysv-rc initscripts
Architecture: source i386 all
Version: 2.88dsf-4
Distribution: unstable
Urgency: low
Maintainer: Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>
Changed-By: Petter Reinholdtsen <pere@debian.org>
Description: 
 initscripts - scripts for initializing and shutting down the system
 sysv-rc    - System-V-like runlevel change mechanism
 sysvinit   - System-V-like init utilities
 sysvinit-utils - System-V-like utilities
Closes: 438085 576788 579293 580272 580298
Changes: 
 sysvinit (2.88dsf-4) unstable; urgency=low
 .
   [ Petter Reinholdtsen ]
   * Fix typo in code detecting legacy boot ordering when concurrent
     startup is enabled.
   * Call splash_stop early during boot when using concurrent booting,
     to stop usplash from confusing X.
 .
 sysvinit (2.88dsf-3) experimental; urgency=low
 .
   * New 30_killall5_hurd.patch to fix build problem on Hurd.  Patch
     from Werner Fink.
   * Fix typo in invoke-rc.d (Closes: #580298).
   * Switch to concurrent booting by default, when dependency based
     boot sqeuencing is enabled.  Make shell and startpar concurrency
     aliases for makefile style concurrency, as both are obsolete now.
   * Add 64_init_selinux_enabled.patch to try to fix the logic used to
     enable SELinux (Closes: #580272).
   * Mention the LSB style header now required for init.d scripts in
     /etc/init.d/README (Closes: #576788).
 .
 sysvinit (2.88dsf-2) experimental; urgency=low
 .
   [ Petter Reinholdtsen ]
   * Change start dependencies for bootlogs to use new virtual facility
     $x-display-manager and also mention wdm and nodm.  The individual
     display managers should be dropped as stop dependencies when all
     of them provide the virtual facility.
   * Report script name requested if invoke-rc.d is used during
     shutdown.
   * Update 63_init_keep_utf8_ttyflag.patch to actually work on kfreebsd.
   * New 20_init_freebsd_vswtc.patch to add workaround for missing VSWTC
     on kfreebsd (Closes: 579293).
 .
 sysvinit (2.88dsf-1) experimental; urgency=low
 .
   * Upload to experimental for build testing and wider review.
 .
   * New upstream release.
     - Drop 11_doc_shutdown-c.dpatch, now included upstream.
     - Drop 14_doc_fsf_addr.dpatch, now included upstream.
     - Drop 15_doc_upstream_email.dpatch, now included upstream.
     - Drop 21_ifdown_kfreebsd.patch, now included upstream.
     - Drop 46_pidof_symlinkman.patch, now included upstream.
     - Drop 50_bootlogd_devsubdir.dpatch, now included upstream.
     - Drop 54_bootlogd_findptyfail.dpatch, now included upstream.
     - Drop 55_bootlogd_flush.patch, now included upstream.
     - Drop 60_init_selinux_ifdef.dpatch, now included upstream.
     - Drop 62_init_freebsdterm.dpatch, now included upstream.
     - Drop 70_compiler_warnings.dpatch, now included upstream.
     - Drop 94_fstab-decode.dpatch, now included upstream.
     - Drop 96_shutdown_acctoff.dpatch, now included upstream.
     - Drop 97_init_starttest.dpatch, now included upstream.
     - Drop 98_installtarget.dpatch, now included upstream.
     - Update 63_init_keep_utf8_ttyflag.patch.
     - New upstream does not strip binaries, allowing the nostrip
       build option to work (Closes: #438085).
   * Update Standards-Version from 3.8.3 to 3.8.4.  No change needed.
   * Update homepage in control file to the new home
     http://savannah.nongnu.org/projects/sysvinit .
   * Quiet down init.d/bootlogd when VERBOSE=no.
   * Document in init.d/skeleton that lsb-base (>= 3.2-14) is
     needed for status_of_proc().

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 12 Jun 2010 07:37:45 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Jan 12 13:31:32 2024; Machine Name: buxtehude