Re: Grub, EFI, and SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 5/4/20 10:17 AM, Javier Martinez Canillas wrote:

On Sun, May 3, 2020 at 4:40 AM Jerry James <loganjerry@xxxxxxxxx> wrote:


On Sat, May 2, 2020 at 4:33 AM Christopher <ctubbsii@xxxxxxxxxxxxxxxxx> wrote:

Those are bugs filed against RPM. Is the RPM package responsible for
executing lsetfilecon, or is it the grub2 package? If the grub2
package, it seems to me that they should know that EFI partitions will
never support lsetfilecon and they should never try. If it's RPM, then
it looks like it is suppressed upstream and the fix will be
incorporated eventually. I guess I don't know which component is
actually responsible for causing the execution of lsetfilecon.


You're right, but there is discussion of the grub2 issue in bug
1722766.  A number of bugs have been filed against grub2 specifically:



Nothing in the grub2 package executes restorecon for the files in
/boot/efi. The problem is that rpm calls lgetxattr() for each entry in
%files, regardless if the filesystem supports extended attributes or
not:

https://bugzilla.redhat.com/show_bug.cgi?id=1722766#c43
https://github.com/rpm-software-management/rpm/pull/976


https://bugzilla.redhat.com/show_bug.cgi?id=1819817
https://bugzilla.redhat.com/show_bug.cgi?id=1827922
https://bugzilla.redhat.com/show_bug.cgi?id=1829137
https://bugzilla.redhat.com/show_bug.cgi?id=1830399

So far, though, no word from the maintainer on those bugs.


I've been closing as duplicates of #1722766 but we are just getting
too many bugs filed for this issue.
It's an entirely cosmetical issue in rpm SELinux plugin but as innocent maintainers are apparently getting bombarded because of it: 

https://bodhi.fedoraproject.org/updates/FEDORA-2020-feefa460b1
https://bodhi.fedoraproject.org/updates/FEDORA-2020-54205e879b

	- Panu -
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux