Bug 457984 - mkinitrd needs to mount /proc in /root filessystem to enable SELinux
Summary: mkinitrd needs to mount /proc in /root filessystem to enable SELinux
Status: RESOLVED FIXED
Alias: None
Product: openSUSE 11.2
Classification: openSUSE
Component: Other (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Enhancement (vote)
Target Milestone: ---
Assignee: Milan Vančura
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 450054
  Show dependency treegraph
 
Reported: 2008-12-10 14:22 UTC by Thomas Biege
Modified: 2013-09-26 10:00 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
patch for boot script (291 bytes, patch)
2008-12-10 14:22 UTC, Thomas Biege 		Details | Diff
mkinitrd-selinux.diff (269 bytes, patch)
2009-01-07 10:24 UTC, Thomas Biege 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Biege 2008-12-10 14:22:06 UTC 
Created attachment 259179 [details]
patch for boot script

Hi,
to make the selinux patch in sysvinit work we have to mount at least /proc before init is started.
Comment 1 Bernhard Walle 2008-12-10 14:26:33 UTC 
Doesn't

 /bin/mount --move /dev /root/dev
+/bin/mount --move /proc /root/proc

also work?
Comment 2 Thomas Biege 2008-12-10 14:43:16 UTC 
(In reply to comment #1 from Bernhard Walle)
> Doesn't
> 
>  /bin/mount --move /dev /root/dev
> +/bin/mount --move /proc /root/proc
> 
> also work?
> 

I tried it, but it does not work.
Comment 3 Thomas Biege 2008-12-10 15:11:04 UTC 
Rudi,
we do not need to mount /proc in /etc/init.d/boot anymore. It will be done by mkinitrd - as soon as the patch was committed. Can you remove the lines for 11.2 please? Thanks a lot.
Comment 4 Bernhard Walle 2008-12-10 15:14:21 UTC 
Not committed but submitted. Which is difficult now since STABLE == SLES11.
Comment 6 Ruediger Oertel 2008-12-11 16:40:04 UTC 
we can only check if it's already mounted.
an initrd is never mandatory, so if there was none, /proc still needs
to get mounted in that case.

doing that now:
-echo -n "Mounting procfs at /proc"
-mount -n -t proc proc /proc
-rc_status -v -r
+if test ! -d /proc/1 ; then
+    echo -n "Mounting procfs at /proc"
+    mount -n -t proc proc /proc
+    rc_status -v -r
+fi

-echo -n "Mounting sysfs at /sys"
-mount -n -t sysfs sysfs /sys
-rc_status -v -r
+if test ! -d /sys/kernel ; then
+    echo -n "Mounting sysfs at /sys"
+    mount -n -t sysfs sysfs /sys
+    rc_status -v -r
+fi

submitted
Comment 7 Thomas Biege 2008-12-11 16:46:21 UTC 
Great, thanks! :)
Comment 8 Olaf Hering 2008-12-16 08:49:00 UTC 
the patch assumes that libc in initrd can execute binaries in the mounted system.
This is not neccessary true.

Please do something else to mount proc in the root filesystem.
Comment 9 Ruediger Oertel 2008-12-16 08:53:07 UTC 
olaf: you are talking about the initrd, not my change in comment #6

-> mkinitrd, reassigning
Comment 10 Bernhard Walle 2008-12-16 09:13:48 UTC 
Thomas, please improve the patch or open a FATE entry if you think that SELinux is important enough that I work on that. :)

For now, I reverted the patch.
Comment 11 Thomas Biege 2009-01-05 16:19:50 UTC 
"/bin/mount /root/proc" also works AFAICS

Is this ok for you?
Comment 12 Bernhard Walle 2009-01-07 09:49:33 UTC 
Yes. Please provide a new patch and I can apply it.
Comment 13 Thomas Biege 2009-01-07 10:24:28 UTC 
Created attachment 263529 [details]
mkinitrd-selinux.diff
Comment 14 Thomas Biege 2009-01-07 10:24:58 UTC 
attached
Comment 15 Bernhard Walle 2009-01-07 12:35:58 UTC 
Applied.
Comment 16 Thomas Biege 2009-03-25 13:54:06 UTC 
Seems patch is missing in STABLE ans for SLE11.
Comment 17 Dr. Werner Fink 2009-03-25 15:41:39 UTC 
Why I've got assigned to this bug?
Comment 18 Thomas Biege 2009-03-25 18:10:22 UTC 
WhoMaintains spits you out as maintainer after bwalle left.
Comment 19 Thomas Biege 2009-05-27 16:17:40 UTC 
There is a separate package named mkinitrd in STABLE now which contains the line needed.
Comment 20 Thomas Biege 2009-05-27 16:18:11 UTC 
clsoing as fixed
Comment 21 Thomas Biege 2009-06-22 15:47:09 UTC 
The patch doesn't work on 11.2 milestone2.
Comment 22 Thomas Biege 2009-06-22 16:34:02 UTC 
I will try to submit a new package using osc.
Comment 23 Thomas Biege 2009-06-29 11:42:15 UTC 
I did a submit request for openSUSE_Factory, hope that is all...
Comment 24 Bernhard Wiedemann 2013-09-26 10:00:19 UTC 
This is an autogenerated message for OBS integration:
This bug (457984) was mentioned in
https://build.opensuse.org/request/show/200696 Factory / mkinitrd