Debian Bug report logs - #736909
LXC selinux support not working

Full log

Message #59 received at [email protected] (full text, mbox, reply):

Received: (at 688179) by bugs.debian.org; 5 Jan 2014 17:01:32 +0000
From [email protected] Sun Jan 05 17:01:32 2014
X-Spam-Checker-Version: SpamAssassin 3.3.2-bugs.debian.org_2005_01_02
	(2011-06-06) on buxtehude.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.0 required=4.0 tests=BAYES_00,DIGITS_LETTERS,
	MURPHY_DRUGS_REL8 autolearn=no version=3.3.2-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 9; hammy, 151; neutral, 71; spammy, 0.
	spammytokens: hammytokens:0.000-+--systemd, 0.000-+--armhf,
	0.000-+--H*u:1.5.21, 0.000-+--H*UA:1.5.21, 0.000-+--H*u:2010-09-15
Return-path: <[email protected]>
Received: from xvm-169-183.ghst.net ([95.142.169.183] helo=photon.sigxcpu.org)
	by buxtehude.debian.org with esmtp (Exim 4.80)
	(envelope-from <[email protected]>)
	id 1Vzr4t-0004a1-S2
	for [email protected]; Sun, 05 Jan 2014 17:01:32 +0000
Received: from honk.sigxcpu.org (localhost [IPv6:::1])
	by photon.sigxcpu.org (Postfix) with ESMTPS id 38FF689;
	Sun,  5 Jan 2014 18:01:29 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by honk.sigxcpu.org (Postfix) with ESMTP id E2159FB03;
	Sun,  5 Jan 2014 18:01:28 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at honk.sigxcpu.org
Received: from honk.sigxcpu.org ([127.0.0.1])
	by localhost (honk.sigxcpu.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ocX8LYI2qVuU; Sun,  5 Jan 2014 18:01:28 +0100 (CET)
Received: by bogon.sigxcpu.org (Postfix, from userid 1000)
	id F18FBCBAB6; Sun,  5 Jan 2014 18:01:11 +0100 (CET)
Date: Sun, 5 Jan 2014 18:01:11 +0100
From: Guido Günther <[email protected]>
To: Laurent Bigonville <[email protected]>
Cc: [email protected]
Subject: Re: libvirt: Please enable selinux security driver
Message-ID: <[email protected]>
References: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[email protected]>
User-Agent: Mutt/1.5.21 (2010-09-15)

On Thu, Jan 02, 2014 at 02:09:13AM +0100, Laurent Bigonville wrote:
> Hi,
> 
> Looks like my patch was missing a bit as the auto-detection is not
> working as expected on machine that are not running selinux.
> 
> --with-selinux-mount=/sys/fs/selinux should be passed to the configure.
> 
> Quickly looking at the code it only affect LXC containers.
> 
> /selinux is gone now sid and jessie. In wheezy, both /selinux
> and /sys/fs/selinux are exsting but the selinuxfs should already be
> mounted on /sys/fs/selinux.
> 
> The attached patch fix this.

Pushed to git.debian.org, thanks!
Cheers,
 -- Guido

> 
> Cheers,
> 
> Laurent Bigonville

> From 6eeaf3c0c37ecfac268150287ba8697f5ca331ab Mon Sep 17 00:00:00 2001
> From: Laurent Bigonville <[email protected]>
> Date: Thu, 2 Jan 2014 01:55:12 +0100
> Subject: [PATCH] Pass --with-selinux-mount=/sys/fs/selinux to the configure
> 
> The buildd are not running selinux and this make the auto-detection code
> defaults to /selinux which is actually not existing anymore in sid.
> 
> This complete the fix for SELinux support.
> ---
>  debian/rules | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/debian/rules b/debian/rules
> index cf8e596..5b76cc7 100755
> --- a/debian/rules
> +++ b/debian/rules
> @@ -29,7 +29,7 @@ ifneq (,$(findstring $(DEB_HOST_ARCH_OS), linux))
>    WITH_SANLOCK        = --with-sanlock
>    WITH_INIT_SCRIPT    =	--with-init-script=systemd
>    WITH_AUDIT          = --with-audit
> -  WITH_SELINUX        = --with-selinux --with-secdriver-selinux
> +  WITH_SELINUX        = --with-selinux --with-secdriver-selinux --with-selinux-mount=/sys/fs/selinux
>    ifneq (,$(findstring $(DEB_HOST_ARCH), amd64 armel armhf i386 ia64 powerpc s390))
>        WITH_DTRACE     = --with-dtrace
>    else
> -- 
> 1.8.5.2
> 

Send a report that this bug log contains spam.