Your message dated Thu, 06 May 2021 14:19:53 +0000
with message-id <[email protected]>
and subject line Bug#988100: fixed in mmdebstrap 0.7.5-2.1
has caused the Debian Bug report #988100,
regarding mmdebstrap: squashfs image lack security capabilities (e.g. for 
/bin/ping)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
988100: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988100
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mmdebstrap
Version: 0.7.5-2
Severity: important

Hi,

/bin/ping (from iputils-ping) uses the security capabilities to allow
users to use the program:

```
$ getcap /bin/ping
/bin/ping cap_net_raw=ep
```

When generating a squashfs image with mmdebstrap, these security
capabilities are lost. Example for a minimal chroot on Debian unstable:

```
$ apt install -y bdebstrap mmdebstrap squashfs-tools-ng
$ mkdir -p ~/.ssh
$ touch ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
$ bdebstrap -c /usr/share/doc/bdebstrap/examples/Debian-buster-live.yaml --packages iputils-ping -n example2
[...]
W: tar2sqfs does not support extended attributes
[...]
$ rdsquashfs -x /bin/ping example2/root.squashfs
$
```

Adding `push @taropts, '--xattrs';` after the tar2sqfs warning line 5355
will produce a squashfs image that contains the security capabilities:

```
$ rdsquashfs -x /bin/ping example2/root.squashfs
security.capability=0x0100000200200000000000000000000000000000
```

This test was done on Debian unstable and Debian bullseye with
mmdebstrap 0.7.5-2 and squashfs-tools-ng 1.0.4-1.

-- 
Benjamin Drung

Senior DevOps Engineer and Debian & Ubuntu Developer
Compute Platform Operations

1&1 IONOS SE | Greifswalder Str. 207 | 10405 Berlin | Deutschland
E-Mail: [email protected] | Web: www.ionos.de

Hauptsitz Montabaur, Amtsgericht Montabaur, HRB 24498

Vorstand: Hüseyin Dogan, Dr. Martin Endreß, Claudia Frese, Henning
Kettler, Arthur Mai, Matthias Steinberg, Achim Weiß
Aufsichtsratsvorsitzender: Markus Kadelke


Member of United Internet

--- End Message ---
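
The `security.capability` value that `rdsquashfs -x` prints in the report above can be decoded to confirm that it is the same `cap_net_raw=ep` that `getcap` shows on the host. This is an added example, not part of the original messages or of mmdebstrap; it assumes the Linux `struct vfs_cap_data` xattr layout, and the function names and the simplified getcap-style rendering are this example's own.

```python
import struct

# Capability names in bit order, from linux/capability.h (bit 0 = CAP_CHOWN).
CAPS = ("chown dac_override dac_read_search fowner fsetid kill setgid setuid "
        "setpcap linux_immutable net_bind_service net_broadcast net_admin "
        "net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace "
        "sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time "
        "sys_tty_config mknod lease audit_write audit_control setfcap "
        "mac_override mac_admin syslog wake_alarm block_suspend audit_read "
        "perfmon bpf checkpoint_restore").split()
# Revision -> (number of 32-bit words per set, total xattr size in bytes).
LAYOUT = {1: (1, 12), 2: (2, 20), 3: (2, 24)}  # v3 appends a 4-byte rootid
PAGE_VALUE = "0x0100000200200000000000000000000000000000"  # from the report

def names(mask):
    return [CAPS[b] if b < len(CAPS) else str(b) for b in range(64) if mask >> b & 1]

def decode_capability(xattr_hex):
    """Parse a security.capability value (struct vfs_cap_data, little endian)."""
    raw = bytes.fromhex(xattr_hex[2:] if xattr_hex.startswith("0x") else xattr_hex)
    (magic_etc,) = struct.unpack_from("<I", raw)
    revision = magic_etc >> 24
    if revision not in LAYOUT or len(raw) != LAYOUT[revision][1]:
        raise ValueError(f"unexpected revision {revision} or size {len(raw)}")
    permitted = inheritable = 0
    for i in range(LAYOUT[revision][0]):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"version": revision, "effective": bool(magic_etc & 1),
            "permitted": names(permitted), "inheritable": names(inheritable)}

def getcap_text(xattr_hex):
    """Simplified getcap-style rendering; '' means no file capabilities."""
    if not xattr_hex:  # what rdsquashfs -x showed for the image without xattrs
        return ""
    cap = decode_capability(xattr_hex)
    groups = {}
    for name in CAPS:
        flags = "".join(f for f, on in (("e", cap["effective"]),
                                        ("i", name in cap["inheritable"]),
                                        ("p", name in cap["permitted"])) if on)
        if flags not in ("", "e"):
            groups.setdefault(flags, []).append("cap_" + name)
    return " ".join(",".join(v) + "=" + k for k, v in groups.items())

if __name__ == "__main__":
    print(getcap_text(PAGE_VALUE))
```

An empty result for a binary that carries file capabilities on the build host is the symptom described in the report: the xattr was dropped on the way into the image.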
--- Begin Message ---
Source: mmdebstrap
Source-Version: 0.7.5-2.1
Done: Benjamin Drung <[email protected]>

We believe that the bug you reported is fixed in the latest version of
mmdebstrap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Benjamin Drung <[email protected]> (supplier of updated mmdebstrap 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 06 May 2021 15:06:07 +0200
Source: mmdebstrap
Architecture: source
Version: 0.7.5-2.1
Distribution: unstable
Urgency: medium
Maintainer: Johannes 'josch' Schauer <[email protected]>
Changed-By: Benjamin Drung <[email protected]>
Closes: 988100
Changes:
 mmdebstrap (0.7.5-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Pass extended attributes to tar2sqfs (Closes: #988100)
Checksums-Sha1:
 59dbb704f0a1dc6143106ccb0de32edf899a202b 2197 mmdebstrap_0.7.5-2.1.dsc
 775a739f2ecec4fb2a324c3d754e93d7f2057705 11292 
mmdebstrap_0.7.5-2.1.debian.tar.xz
 c7c209133a47e5c73c0f40ef948a22939ad8539a 7370 
mmdebstrap_0.7.5-2.1_source.buildinfo
Checksums-Sha256:
 b3f7495241ffce39a43d047521912412a5cf4fa8a5ad9d58c69f40978ceae0f1 2197 
mmdebstrap_0.7.5-2.1.dsc
 02737035eec814cc5a9376b33d26a747d0103e7422d2cb74f6f62047d65c38d6 11292 
mmdebstrap_0.7.5-2.1.debian.tar.xz
 a4f83cf1647b082c46ce74d71411912a4b54425f7e755227e33b16677e1f13d1 7370 
mmdebstrap_0.7.5-2.1_source.buildinfo
Files:
 15f9a8eb51c0b8d9a06f19065229c23d 2197 admin optional mmdebstrap_0.7.5-2.1.dsc
 04798edbb999c9396d4f40c6f189f717 11292 admin optional 
mmdebstrap_0.7.5-2.1.debian.tar.xz
 40d8624d98bbdd5dc6260feca10b9f16 7370 admin optional 
mmdebstrap_0.7.5-2.1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
