Your message dated Thu, 19 May 2016 23:01:01 +0000
with message-id <[email protected]>
and subject line Bug#819498: fixed in resolvconf 1.79
has caused the Debian Bug report #819498,
regarding /etc/resolvconf/update.d/resolvconf-update-bind called without 
CAP_CHOWN from n-m
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
819498: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819498
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: resolvconf
Version: 1.78
Severity: normal

Hi,

on a system with network-manager and systemd as PID 1,
/etc/resolvconf/update.d/resolvconf-update-bind gets called without
CAP_CHOWN due to CapabilityBoundingSet in
/lib/systemd/system/network-manager.service. This causes the script
to fail when it tries to chown root:bind named.options_new.$PID,
resulting in a non-updated named.options.

This can either be fixed by asking n-m to add CAP_CHOWN to the
CapabilityBoundingSet of Network-Manager, to drop a supplement in
/etc/systemd/system/network-manager.service.d/resolconf-cap
(unfriendly), to ask bind to make /var/run/bind sgid bind, or to fix
the script to not chown the file in the first place.

I have fixed the issue locally by removing the chown file from the
script with no noticed negative effect, but I don't know which corner
cases might be here. So I'd like to ask the package maintainer to
choose whatever is appropriate.

Since using a locally installed bind on a system that has its network
managed with Network-Manager is a rather uncommon setup, I have filed
this bug as "normal" only, but would like to suggest this to be
addressed anyway.

Greetings
Marc


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-zgws1 (SMP w/8 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages resolvconf depends on:
ii  debconf [debconf-2.0]  1.5.59
ii  ifupdown               0.8.10
ii  init-system-helpers    1.29
ii  initscripts            2.88dsf-59.3
ii  lsb-base               9.20160110

resolvconf recommends no packages.

resolvconf suggests no packages.

-- debconf information excluded

--- End Message ---
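
Added example, not part of the report or of the resolvconf package: a shell check for the condition the report describes, a hook that inherits a CapabilityBoundingSet without CAP_CHOWN, done by decoding the CapBnd and CapEff lines of a /proc status file. The function names and result labels are assumptions made for illustration; CAP_CHOWN is capability number 0.

```shell
#!/bin/sh
# Added example (not resolvconf code): report whether a process can chown,
# from the capability masks in a /proc/<pid>/status file.

CAP_CHOWN=0   # capability number of CAP_CHOWN in linux/capability.h

# cap_field FILE NAME: print the hex mask of field NAME (e.g. CapBnd).
cap_field() {
    sed -n "s/^$2:[[:space:]]*\([0-9a-fA-F]\{1,\}\).*/\1/p" "$1" 2>/dev/null
}

# has_cap HEXMASK N: succeed if capability number N is set in HEXMASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# chown_status [FILE]: print one of
#   ok            CAP_CHOWN is effective, chown to another owner can work
#   bounded       CAP_CHOWN is outside the bounding set (the case reported)
#   not-effective in the bounding set but not currently effective
#   unknown       the masks could not be read
chown_status() {
    f=${1:-/proc/self/status}
    bnd=$(cap_field "$f" CapBnd) || bnd=
    eff=$(cap_field "$f" CapEff) || eff=
    if [ -z "$bnd" ] || [ -z "$eff" ]; then
        echo unknown
    elif ! has_cap "$bnd" "$CAP_CHOWN"; then
        echo bounded
    elif has_cap "$eff" "$CAP_CHOWN"; then
        echo ok
    else
        echo not-effective
    fi
}

# Report for the current shell when /proc is available.
if [ -r /proc/self/status ]; then
    echo "CAP_CHOWN for this process: $(chown_status)"
fi
```

Passing the status file of the service's main PID shows what its hook scripts inherit, since child processes cannot regain a capability that is outside the bounding set.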
--- Begin Message ---
Source: resolvconf
Source-Version: 1.79

We believe that the bug you reported is fixed in the latest version of
resolvconf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Hood <[email protected]> (supplier of updated resolvconf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 01 Apr 2016 12:00:00 +0200
Source: resolvconf
Binary: resolvconf
Architecture: source all
Version: 1.79
Distribution: unstable
Urgency: low
Maintainer: resolvconf maintainers <[email protected]>
Changed-By: Thomas Hood <[email protected]>
Description:
 resolvconf - name server information handler
Closes: 804976 819498
Changes:
 resolvconf (1.79) unstable; urgency=low
 .
   [ Thomas Hood ]
   * Use which to test for availability of dnssec-triggerd
   * [19003cb] Drop obsolete versioned dependencies.
     Thanks to biebl (Closes: 804976)
   * [b348580] Update README
   * [7e33af8] Omit chown from example script resolvconf-update-bind.
     Thanks to Marc Haber (Closes: #819498)
   * [22bfead] Create runtime dir if it does not exist. (In some upgrade
     scenarios resolvconf gets called before the postinst or initscripts
     get run.) Thanks to Martin Pitt (LP: #1536335)
Checksums-Sha1:
 9d7c20b5d384058d32d122ce558a6dcdc30b3a3a 1704 resolvconf_1.79.dsc
 a12afabe9e798aa72d0e0834e6d771b2e72b1b55 72672 resolvconf_1.79.tar.xz
 520757e684c5ef56e23c699884aea6daec29b0d2 74158 resolvconf_1.79_all.deb
Checksums-Sha256:
 e8b794948c8979d3be577cebec1a092341d0b7d9042d443d6efa48ec01a52959 1704 resolvconf_1.79.dsc
 8e2843cd4162b706f0481b3c281657728cbc2822e50a64fff79b79bd8aa870a0 72672 resolvconf_1.79.tar.xz
 7d564b42807cd5d97ed2f5e6b2032b946225800f60cb24dbd9eb7e15cbaf84e6 74158 resolvconf_1.79_all.deb
Files:
 eab2e851db4c2d346fddb383a7d4eb1a 1704 net optional resolvconf_1.79.dsc
 aab2382020fc518f06a06e924c56d300 72672 net optional resolvconf_1.79.tar.xz
 7055f59950997f453aa2634ffa7412fe 74158 net optional resolvconf_1.79_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
