Package: bash
Version: 4.4-4+b1
The specified Vcs fields do not link to the recent packaging version.
Package: bash
Version: 4.4-4+b1
Severity: important
Due to #842037, bash is currently shipped without PIE[1] support.
Please consider adding a package bash-pie, which Conflicts and
Provides bash, or upload a PIE-enabled version to stretch-backports
after release.
[1]
Package: auditd
Version: 1:2.6.7-1
User: selinux-de...@lists.alioth.debian.org
Usertags: selinux
ausearch segfaults on the following input in interpret mode:
/sbin/ausearch -i --input file
type=AVC msg=audit(1490829425.686:121): avc: denied { bind } for
pid=1034 comm="darkstat"
Package: debhelper
Version: 10.2.5
Severity: wishlist
Hi,
personally, I like the --list-missing/--fail-missing options from dh_install.
Any chance of --list-missing becoming the default, maybe for compat version 11?
Best regards
Christian Göttsche
the fixing patch is not updated:
https://sources.debian.net/src/llvm-toolchain-4.0/1:4.0-1/debian/patches/fix-scan-view-path.diff/?hl=9#L9
Package: openssh-client
Version: 1:7.4p1-6
Dear Maintainer,
according to man:moduli(5) the file /etc/ssh/moduli is only used by sshd.
Why is this file shipped with openssh-client and not openssh-server?
Best regards,
Christian Göttsche
Package: man-db
Version: 2.7.6.1-2
Dear Maintainer,
can you please add a systemd timer for the daily man-db cache regeneration.
--- /dev/null 2017-03-14 22:28:11.90999 +0100
+++ man-db.timer2017-03-16 12:07:22.956516872 +0100
@@ -0,0 +1,11 @@
+[Unit]
+Description=Daily man-db
Package: fake-hwclock
Version: 0.11
Dear Maintainer,
can you please add a systemd timer for the regular time save.
--- /dev/null 2017-03-14 22:28:11.90999 +0100
+++ fake-hwclock-save.timer 2017-03-16 11:52:21.062121382 +0100
@@ -0,0 +1,11 @@
+[Unit]
+Description=fake-hwclock: save time
Package: logrotate
Version: 3.11.0-0.1
Dear Maintainer,
can you please add a systemd timer for the daily log rotation.
--- /dev/null 2017-03-14 22:28:11.90999 +0100
+++ logrotate.timer 2017-03-15 20:30:26.475786062 +0100
@@ -0,0 +1,11 @@
+[Unit]
+Description=Daily rotation of log files
Package: monit
Version: 1:5.20.0-6
Hi,
could you consider shipping a systemd service file?
Best regards,
Christian Göttsche
[Unit]
Description=Monit monitoring service
Documentation=man:monit(1)
[Service]
EnvironmentFile=-/etc/default/monit
Type=forking
KillMode=process
Package: dphys-swapfile
Version: 20100506-3
Hi,
could you consider shipping a systemd service file?
Best regards,
Christian Göttsche
[Unit]
Description=dphys-swapfile - set up, mount/unmount, and delete an swap file
Documentation=man:dphys-swapfile(8)
[Service]
Type=oneshot
2017-03-13 23:11 GMT+01:00 Simon McVittie <s...@debian.org>:
> On Mon, 13 Mar 2017 at 21:58:46 +0100, cgzones wrote:
>> Since recently the reference policy defines the file contexts with
>> /run prefixes [1] and only supports /var/run via a backward
>> compatibility a
Hi list,
I created a bug report against dbus 1.10 on Debian [1] due to failing to
send policyload notices.
Are there any objections or comments on the upstream patch[2]?
The patch works for me:
Mar 14 00:01:36 debianSE audit[441]: USER_AVC pid=441 uid=105
auid=4294967295 ses=4294967295
Package: dbus
Version: 1.10.16-1
User: selinux-de...@lists.alioth.debian.org
Usertags: selinux
Hi,
dbus ships a systemd socket unit.
On SELinux enabled systems systemd automatically sets the correct file
context on creation according to the policy's configuration.
Since recently the reference
Package: openssh-server
Version: 1:7.4p1-6
User: selinux-de...@lists.alioth.debian.org
Usertags: selinux
Hi,
OpenSSH-server ships a systemd-tmpfiles configuration for creating a
runtime directory.
On SELinux enabled systems, systemd-tmpfiles automatically sets the
correct file context on creation
Package: cron
Version: 3.0pl1-128+b1
User: selinux-de...@lists.alioth.debian.org
Usertags: selinux
Hi,
with the removal of the SELinux login entry for system_u [1], cron
stops working.
get_security_context [2] expects a NULL name when called for a system cronjob.
But it is called with "system_u"
Package: dbus
Version: 1.10.16-1
User: selinux-de...@lists.alioth.debian.org
Usertags: selinux
Hi,
on SELinux enabled systems, dbus cannot send the policyload notification.
There is already a thread over at redhat [1], and bug reports at
redhat [2] and dbus [3].
Please, cherry-pick the fix from
debug_echo "send dbus signal (success)"
else
debug_echo "send dbus signal (error)"
One could also check for the existence of /run/dbus/system_bus_socket
via [ -S /run/dbus/system_bus_socket ]
2016-12-31 15:00 GMT+01:00 cgzones <cgzo...@googlemail.com>:
> F
Package: libwrap0
Version: 7.6.q-26
libwrap0 recommends tcpd, and as recommended packages are by default
annexed, tcpd will be installed e.g. for the packages openssh-server
or auditd.
Could you consider lowering the bonding to Suggests?
Package: ntp
Version: 1:4.2.8p9+dfsg-2.1
User: selinux-de...@lists.alioth.debian.org
Usertags: selinux
On a SELinux enabled system, ntpd periodically generates some odd audits:
type=PROCTITLE msg=audit(02/17/17 22:52:21.790:167) :
proctitle=/usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:111
/info/libglib2.0-0:amd.list .
Cruft then complains about the nonexistence of the path.
Maybe the directory could be shipped empty?
On 15 Feb 2017 7:03 pm, "Michael Biebl" <bi...@debian.org> wrote:
On Wed, 25 Jan 2017 13:42:29 +0100 cgzones <cgzo...@googlemail.com> wrote:
Package: clang-4.0
Version: 1:4.0~+rc1-1
The shipped file /usr/bin/scan-build-4.0-py is a dead link to a
non-existent target ../share/clang/scan-build-4.0/bin/scan-build-py.
Maybe the target should be ./share/clang/scan-build-py-4.0/bin/scan-build?
Thanks a lot for your response and the fixes.
I finally got some time and reran cruft at the new version:
missing: dpkg
/usr/lib/x86_64-linux-gnu/gio
/usr/lib/x86_64-linux-gnu/gio/modules
I reported it here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852549
Package: libglib2.0-0
Version: 2.50.2-2
cruft creates a report regarding this package:
missing: dpkg
/usr/lib/x86_64-linux-gnu/gio
/usr/lib/x86_64-linux-gnu/gio/modules
This is because libglib2.0-0 lists this directory and file but does not
ship it by default.
The
to pam_selinux.so, so that via different pam
configurations, like sddm does it
https://github.com/sddm/sddm/blob/develop/src/helper/backend/PamBackend.cpp#L220,
different contexts can be assigned.
From: cgzones <cgzo...@googlemail.com>
Date: Tue, 3 Jan 2017 12:04:20 +0100
Subject: [PATCH] pam_selinu
Package: dpkg
Version: 1.18.18
User: selinux-de...@lists.alioth.debian.org
Usertags: selinux
Currently, dpkg runs its maintainer tasks in the SELinux type
dpkg_script_t without changing the SELinux user or role.
So when running root as sysadm_u:sysadm_r:sysadm_t, the tasks will be
run in
Package: cruft
Version: 0.9.29
Running cruft on a test vm with SELinux creates some noise.
I created some filters and explain scripts under the guideline:
filters contain paths which may be present on the system, and paths
from the explain scripts must be present.
In addition, I ignored the two
Package: monit
Version: 1:5.20.0-4
On package installation, the log file /var/log/monit.log is created by
the post install script monit.postinst.
The SELinux context will not be correctly set up.
Can you please either add something like
if [ -x /sbin/restorecon ]; then
and clarity I only
load the modules needed for my system, and xserver is not one of them.
2017-01-01 16:35 GMT+01:00 Michael Biebl <bi...@debian.org>:
> On 01.01.2017 at 16:14, cgzones wrote:
>> I meant the x11-common Debian package.
>> The SELinux file contexts are defined
9 cgzones wrote:
>> Package: systemd
>> Version: 232-8
>>
>> Can the configuration files under /usr/lib/tmpfiles.d/ be distributed
>> by their respective packages.
>> Like:
>> Configuration file Package
>> colord.conf
Package: systemd
Version: 232-8
Can the configuration files under /usr/lib/tmpfiles.d/ be distributed
by their respective packages.
Like:
Configuration file          Package
colord.conf                 colord
dbus.conf                   dbus
gvfsd-fuse-tmpfiles.conf    gvfs or
if dbus-send --system / app.apt.dbus.updated boolean:true >
/dev/null 2>&1; then
Kindly Regards,
Christian Göttsche
2016-12-30 21:43 GMT+01:00 David Kalnischkies <da...@kalnischkies.de>:
> Control: severity -1 wishlist
>
> On Thu, Dec 29, 2016 at 12:22:02PM +0100, cgz
Göttsche
2016-12-31 12:49 GMT+01:00 Dominick Grift <dac.overr...@gmail.com>:
> On 12/31/2016 12:41 PM, Dominick Grift wrote:
>> On 12/31/2016 12:38 PM, Dominick Grift wrote:
>>> On 12/31/2016 11:34 AM, cgzones wrote:
>>>> Wow!
>>>>
>>>> Thank you
://github.com/cgzones/debian-package-refpolicy/commit/3ba127468436334275398a824260383208ee58b1
One small issue arises for me:
I tried to set up the directory '/sys/kernel/debug/tracing' via
'genfscon sysfs /kernel/debug/tracing
gen_context(system_u:object_r:tracefs_t,s0)'
but it is still labeled
> thanks
>>
>> On Thu, 29 Dec 2016 12:36:30 +0100 cgzones <cgzo...@googlemail.com> wrote:
>>
>> > When running a SELinux enabled system /sys/devices/system/cpu/online
>> > is mislabeled after boot:
>> >
>> > root@test1:/root/selinux/po
hu, 29 Dec 2016 12:36:30 +0100 cgzones <cgzo...@googlemail.com> wrote:
>
>> When running a SELinux enabled system /sys/devices/system/cpu/online
>> is mislabeled after boot:
>>
>> root@test1:/root/selinux/policy# restorecon -vv -R -F -n /sys
Package: systemd
Version: 232-8
When running a SELinux enabled system /sys/devices/system/cpu/online
is mislabeled after boot:
root@test1:/root/selinux/policy# restorecon -vv -R -F -n /sys
Would relabel /sys/devices/system/cpu/online from
system_u:object_r:sysfs_t:s0 to
Package: apt
Version: 1.4~beta2
The script '/usr/lib/apt/apt.systemd.daily' uses 'pidof dbus-daemon'
to check whether dbus is running and whether to send a message.
With SELinux enabled this causes avc denials like:
type=PROCTITLE msg=audit(12/29/16 07:43:22.385:42209) :
proctitle=pidof
Package: refpolicy
Version: 2:2.20161023.1-3
Ship a list of modules built into the base module package.
This might help with module management.
---
debian/rules | 1 +
debian/selinux-policy-default.install | 1 +
debian/selinux-policy-mls.install | 1 +
3 files
Package: refpolicy
Version: 2:2.20161023.1-3
The usage of the macro domain_auto_trans is deprecated.
Use domain_auto_transition_pattern instead.
---
debian/example/example.if | 2 +-
debian/policygentool | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git
Package: refpolicy
Version: 2:2.20161023.1-3
Use dh_install --fail-missing for hard build errors.
---
debian/rules | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian/rules b/debian/rules
index d6fe74b..d1f7e7c 100755
--- a/debian/rules
+++ b/debian/rules
@@ -23,7 +23,7
Package: refpolicy
Version: 2:2.20161023.1-3
Git-buildpackage complains about an old config format.
While at it, reintroduce signing tags
---
debian/gbp.conf | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/debian/gbp.conf b/debian/gbp.conf
index 6837223..557fbe8 100644
---
files, but
that does not solve the issue.
But I am not sure the upstream python modules were used, and probably
the system's libsepol was used too.
Kindly Regards,
Christian Göttsche
2016-12-17 9:57 GMT+01:00 Laurent Bigonville <bi...@debian.org>:
> On 15/12/16 at 14:13, cgzone
Package: policycoreutils-python-utils
Version: 2.6-2
When working on SELinux login settings, it seems that semanage is not
aware of already existing entries.
Example usage:
root@desktopdebian:/home/christian# semanage login -a -s unconfined_u christian
libsemanage.add_user: user system_u not in
Package: setools
Version: 3.3.8+20151215-3
Severity: normal
After the recent upgrades of the SELinux userland libraries I noticed
a bug in the seinfo tool.
Example output:
christian@debianSE:~$ seinfo
Statistics for policy file: /etc/selinux/default/policy/policy.30
Policy Version & Type:
I can confirm this bug.
It seems this is already fixed upstream; can you please cherry pick this
https://github.com/SELinuxProject/selinux/commit/5a8d8c499b2ef80eaa7b5abe2ec68d7101e613bf
patch?
Package: newrole
Version: 2.4-4
When I try to use newrole on Debian testing with upstream refpolicy
(https://github.com/TresysTechnology/refpolicy) installed, I get the
following error:
root@debianSe:~# newrole -r sysadm_r -t sysadm_t
Password:
newrole: incorrect password for root
Error sending
Package: monit
Version: 1:5.4-2
Severity: wishlist
Hi,
can you please backport monit 5.5 for Debian wheezy.
Best regards,
Christian Göttsche
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
Package: selinux-policy-default
Version: 2:2.20110726-11
Severity: wishlist
Hi,
can you include a policy package for monit.
I wrote one which covers the monit daemon, the web interface, the
process monitoring and the monit invocation from a root console.
It does not cover connections to m/monit
Package: selinux-policy-default
Version: 2:2.20110726-11
Severity: wishlist
Hi,
can you unite the booleans allow_ptrace and deny_ptrace
Best regards,
Christian Göttsche
Package: selinux-policy-default
Version: 2:2.20110726-11
I'm using smartmontools and the daemon needs to read and write into its
lib directory /var/lib/smartmontools.
This directory is not labeled, so I get the following denials:
Oct 14 19:29:27 debian kernel: [ 18.35] type=1400
51 matches