[Bug 2048527] Re: rpcbind init.d script doesn't work with SELinux

Robert Groh 2048527 at bugs.launchpad.net
Tue Jan 9 22:14:39 UTC 2024 

I am using Ubuntu via its docker image: https://hub.docker.com/_/ubuntu
On the image readme/docs it says:
> This image is built from official rootfs tarballs provided by Canonical (see dist-* tags at https://git.launchpad.net/cloud-images/+oci/ubuntu-base).

Following  this link looking into 'jammy-22.04' branch, gives me the ubuntu-jammy-oci-amd64-root.manifest at
https://git.launchpad.net/cloud-images/+oci/ubuntu-base/tree/ubuntu-jammy-oci-amd64-root.manifest?h=jammy-22.04

Which I guess lists all installed packages in the official cloud images and as you can see there is no systemd installed. (As using systemd is not recommended in a container/docker context).
Nevertheless the tool 'service' is installed, which falls back to init.d scripts ;p

So please reopen the bug and give it to the upstream debian maintainer
(as I wasn't allowed to use the tool reportbug in a ubuntu system).

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rpcbind in Ubuntu.
https://bugs.launchpad.net/bugs/2048527

Title:
  rpcbind init.d script doesn't work with SELinux

Status in rpcbind package in Ubuntu:
  Won't Fix

Bug description:
  The line:

  > if [ `ls -dl "$STATEDIR" | grep -cE '^drwxr-xr-x [0-9]+ _rpc root '` -lt 1 ] ; then
  (see: https://salsa.debian.org/debian/rpcbind/-/blob/bee1a6f5de6c8d693565167b6a9d82325d806d0f/debian/init.d#L42)

  won't work in a SELinux setup.

  with:
  STATEDIR=/run/rpcbind
  > ls -dl "$STATEDIR"
  will produce the following output:
  > drwxr-xr-x. 2 _rpc root 4096 Jan  8 11:48 /run/rpcbind

  Notice the dot (.) following the file permissions, which breaks the
  grep pattern on my system.

  According to the docs of `ls`, the dot represents a security context:

  running 
  > info coreutils 'ls invocation' | grep -1 '[.+]. character'
  outputs: 
       GNU ‘ls’ uses a ‘.’ character to indicate a file with a security
       context, but no other alternate access method.

  Please, adjust the check to support also a security context.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: rpcbind 1.2.6-2build1
  Uname: Linux 5.15.111-flatcar x86_64
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: unknown
  Date: Mon Jan  8 12:41:58 2024
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
  SourcePackage: rpcbind
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rpcbind/+bug/2048527/+subscriptions

More information about the foundations-bugs mailing list