|
Bugzilla – Full Text Bug Listing |
| Summary: | mkinitrd needs to mount /proc in /root filessystem to enable SELinux | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 11.2 | Reporter: | Thomas Biege <thomas> |
| Component: | Other | Assignee: | Milan VanĨura <mvancura> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Enhancement | ||
| Priority: | P5 - None | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 450054 | ||
| Attachments: |
patch for boot script
mkinitrd-selinux.diff |
||
Doesn't /bin/mount --move /dev /root/dev +/bin/mount --move /proc /root/proc also work? (In reply to comment #1 from Bernhard Walle) > Doesn't > > /bin/mount --move /dev /root/dev > +/bin/mount --move /proc /root/proc > > also work? > I tried it, but it does not work. Rudi, we do not need to mount /proc in /etc/init.d/boot anymore. It will be done by mkinitrd - as soon as the patch was committed. Can you remove the lines for 11.2 please? Thanks a lot. Not committed but submitted. Which is difficult now since STABLE == SLES11. Comitted http://git.opensuse.org/?p=projects/mkinitrd.git;a=commit;h=0984a1badcc3485846ea96a827c0e3d2e1dca389 we can only check if it's already mounted. an initrd is never mandatory, so if there was none, /proc still needs to get mounted in that case. doing that now: -echo -n "Mounting procfs at /proc" -mount -n -t proc proc /proc -rc_status -v -r +if test ! -d /proc/1 ; then + echo -n "Mounting procfs at /proc" + mount -n -t proc proc /proc + rc_status -v -r +fi -echo -n "Mounting sysfs at /sys" -mount -n -t sysfs sysfs /sys -rc_status -v -r +if test ! -d /sys/kernel ; then + echo -n "Mounting sysfs at /sys" + mount -n -t sysfs sysfs /sys + rc_status -v -r +fi submitted Great, thanks! :) the patch assumes that libc in initrd can execute binaries in the mounted system. This is not neccessary true. Please do something else to mount proc in the root filesystem. olaf: you are talking about the initrd, not my change in comment #6 -> mkinitrd, reassigning Thomas, please improve the patch or open a FATE entry if you think that SELinux is important enough that I work on that. :) For now, I reverted the patch. "/bin/mount /root/proc" also works AFAICS Is this ok for you? Yes. Please provide a new patch and I can apply it. Created attachment 263529 [details]
mkinitrd-selinux.diff
attached Applied. Seems patch is missing in STABLE ans for SLE11. Why I've got assigned to this bug? WhoMaintains spits you out as maintainer after bwalle left. There is a separate package named mkinitrd in STABLE now which contains the line needed. clsoing as fixed The patch doesn't work on 11.2 milestone2. I will try to submit a new package using osc. I did a submit request for openSUSE_Factory, hope that is all... This is an autogenerated message for OBS integration: This bug (457984) was mentioned in https://build.opensuse.org/request/show/200696 Factory / mkinitrd |
Created attachment 259179 [details] patch for boot script Hi, to make the selinux patch in sysvinit work we have to mount at least /proc before init is started.