On Wed, Dec 10, 2014 at 4:03 PM, Sandro Mani <manisandro@xxxxxxxxx> wrote:
> Hi,
>
> Before digging around more, thought I'd check here if some debian+selinux
> experienced person has any ideas... I'm encountering two kinds of failure
> when using pbuilder which seem selinux related:
>
> - When building packages for newer releases (i.e. Ubuntu >= trusty),
> pbuilder used to fail with
>
> [...]
> dpkg: error processing archive
> <package_name>.deb (--unpack):
> cannot get security labeling handle: No such file or directory
> [...]
>
> This looked like upstream [1], at the end of which it was suggested to
> bind-mount /sys/fs/selinux into the pbuilder chroot and remount it
> read-only. Did so, and things worked, hooray.
>
> - Today I built the package for an older release, and now, with selinux
> mounted read-only, it fails with
> [...]
> I: Extracting source
> Password: su: Authentication failure

Hmm. Can you run setpriv -d inside your chroot and see what it says?

You could also try running su directly and confirming that it works.

--Andy

> E: pbuilder: Failed extracting the source
> [...]
> Reverting the patch applied to fix the first problem (or even just not
> remounting read-only), things work again for the older releases, but clearly
> not anymore for the newer releases. There are a few reports of similar
> problems here and there ([2], old and fixed; [3], not relevant here, since
> /selinux is being mounted; [4], old and related to pam), but nothing recent
> or particularly revealing.
>
> So in short: mounting read-only works for ubuntu >= trusty but breaks older,
> and mounting read-write works for older but breaks ubuntu >= trusty. (Same
> most likely applies to newish vs oldish debian, haven't tested though).
>
>
> So... Anyone with any ideas?
>
> And heads up: I got overexcited with the fix for the first issue and already
> built a patched pbuilder, so if you are using pbuilder-0.215-12 from
> rawhide, f21+testing or f20+testing, building packages for older releases
> will currently fail. To work around, just comment/uncomment line 280 of
> /usr/lib/pbuilder/pbuilder-modules as necessary.
>
>
> Thanks,
> Sandro
>
>
>
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734193
> [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384389
> [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506917
> [4] https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/22739
> --
> devel mailing list
> devel@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
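
Added example, not part of the original thread and not pbuilder's own code: a small diagnostic that reports whether selinuxfs is visible inside a given chroot and whether that mount is read-only or read-write, the variable the thread identifies as deciding which releases build. The function names, the build directory paths and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Report how selinuxfs is exposed inside a chroot: "absent", "rw" or "ro".
# Per the thread: "ro" let Ubuntu >= trusty builds unpack packages but made
# su fail for older releases; without the read-only remount the reverse held.

# selinuxfs_state CHROOT_DIR [MOUNTS_FILE]
# MOUNTS_FILE defaults to /proc/self/mounts; "-" reads the table from stdin.
# Assumption: mount paths contain no whitespace (the kernel escapes it as \040).
selinuxfs_state() {
    chroot_dir=${1%/}                 # drop a trailing slash; "/" becomes ""
    mounts=${2:-/proc/self/mounts}
    awk -v mp="$chroot_dir/sys/fs/selinux" '
        # Fields: device mountpoint fstype options dump pass
        $2 == mp && $3 == "selinuxfs" {
            # The last matching entry is the topmost mount, so let it win.
            state = "rw"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "ro") state = "ro"
        }
        END { print (state == "" ? "absent" : state) }
    ' "$mounts"
}

# Constructed sample mount table (not captured from a real system):
# build 1001 has the read-only bind mount, 1002 a read-write one, 1003 none.
sample_mounts() {
    cat <<'EOF'
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
selinuxfs /var/cache/pbuilder/build/1001/sys/fs/selinux selinuxfs ro,relatime 0 0
selinuxfs /var/cache/pbuilder/build/1002/sys/fs/selinux selinuxfs rw,relatime 0 0
proc /var/cache/pbuilder/build/1003/proc proc rw,relatime 0 0
EOF
}

# Demo over the constructed table.
for build in 1001 1002 1003; do
    dir=/var/cache/pbuilder/build/$build
    printf '%s: %s\n' "$dir" "$(sample_mounts | selinuxfs_state "$dir" -)"
done
```

On a live system, call `selinuxfs_state` with the chroot path alone while the build is running so that it reads `/proc/self/mounts`.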