[Bug 2048527] Re: rpcbind init.d script doesn't work with SELinux

Sergio Durigan Junior 2048527 at bugs.launchpad.net
Wed Jan 10 22:06:49 UTC 2024 

Thanks for the further feedback.

May I ask for detailed steps on how to reproduce the problem you're
having?  I created an Ubuntu container here, apt installed rpcbind, but
noticed the following messages:

Setting up rpcbind (1.2.6-2build1) ...
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of start.

This is kind of expected, I believe.  Inside the containers there's no
concept of a runlevel, so it's not really possible to start services
using "service".  AFAIK, the "right" way to use daemons inside
containers is to start them as the single process when the container is
created.

I'm not reopening the bug because vorlon's rationale is still applicable
IMHO, but if you would like to file a bug against Debian, please follow
the instructions from this page: https://www.debian.org/Bugs/Reporting

Thanks.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rpcbind in Ubuntu.
https://bugs.launchpad.net/bugs/2048527

Title:
  rpcbind init.d script doesn't work with SELinux

Status in rpcbind package in Ubuntu:
  Won't Fix

Bug description:
  The line:

  > if [ `ls -dl "$STATEDIR" | grep -cE '^drwxr-xr-x [0-9]+ _rpc root '` -lt 1 ] ; then
  (see: https://salsa.debian.org/debian/rpcbind/-/blob/bee1a6f5de6c8d693565167b6a9d82325d806d0f/debian/init.d#L42)

  won't work in a SELinux setup.

  with:
  STATEDIR=/run/rpcbind
  > ls -dl "$STATEDIR"
  will produce the following output:
  > drwxr-xr-x. 2 _rpc root 4096 Jan  8 11:48 /run/rpcbind

  Notice the dot (.) following the file permissions, which breaks the
  grep pattern on my system.

  According to the docs of `ls`, the dot represents a security context:

  running 
  > info coreutils 'ls invocation' | grep -1 '[.+]. character'
  outputs: 
       GNU ‘ls’ uses a ‘.’ character to indicate a file with a security
       context, but no other alternate access method.

  Please, adjust the check to support also a security context.

  ProblemType: Bug
  DistroRelease: Ubuntu 22.04
  Package: rpcbind 1.2.6-2build1
  Uname: Linux 5.15.111-flatcar x86_64
  ApportVersion: 2.20.11-0ubuntu82.5
  Architecture: amd64
  CasperMD5CheckResult: unknown
  Date: Mon Jan  8 12:41:58 2024
  ProcEnviron:
   TERM=xterm
   PATH=(custom, no user)
  SourcePackage: rpcbind
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rpcbind/+bug/2048527/+subscriptions

More information about the foundations-bugs mailing list