Your message dated Wed, 19 Sep 2012 06:31:26 +0000 with message-id <[email protected]> and subject line Bug#679641: fixed in dpkg 1.15.8.13 has caused the Debian Bug report #679641, regarding dpkg: if mcstransd is unexpectedly stopped then dpkg uses invalid SE Linux context to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
679641: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679641
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dpkg
Version: 1.16.4.3
Severity: normal

I am giving this bug "normal" severity, but for certain types of SE Linux use it might be regarded as more severe.

1) rjc:user_r:user_t:s0-s0:c0.c1023
2) rjc:user_r:user_t:SystemLow-SystemHigh

The way things currently work is that dpkg converts the sensitivity range of a file from the computer readable form to the human readable form (the first of the above two lines to the second). Then before writing the data to disk it converts it back to the first form.

mcstransd is used for the conversions both ways, if it's running when dpkg tries to convert from #1 to #2 but not running when dpkg wants to convert from #2 to #1 then dpkg will try to write #2 to disk, which is a violation of SE Linux policy.

This can happen when dpkg upgrades multiple packages including policycoreutils (which contains mcstransd).

A mitigating factor for the users is that it's recommended that upgrades of SE Linux policy and related packages (including policycoreutils) between Debian releases be done in permissive mode with a full relabel afterwards. But if someone upgraded from Squeeze to Testing a few weeks ago and then upgraded to the latest Testing today it would mess things up.

Error setting security context for next file object:: Invalid argument

To demonstrate this problem instruct dpkg to install a couple of big packages (I use libreoffice-common and libreoffice-core) and then stop mcstransd while dpkg is working. You may need to do it two or three times to get it to happen. If the system is in permissive mode then the string "SystemLow" will be included in contexts written to disk and in enforcing mode dpkg will write a message such as the above to stderr. In both cases a message such as the below will be written to the audit log (or the kernel message log if auditd isn't running).

type=AVC msg=audit(1341055747.187:1390): avc: denied { mac_admin } for pid=10131 comm="dpkg" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=capability2

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (350, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages dpkg depends on:
ii  libbz2-1.0   1.0.6-3
ii  libc6        2.13-33
ii  liblzma5     5.1.1alpha+20120614-1
ii  libselinux1  2.1.9-5
ii  tar          1.26-4
ii  zlib1g       1:1.2.7.dfsg-13

dpkg recommends no packages.

Versions of packages dpkg suggests:
ii  apt  0.9.7

-- no debconf information
--- End Message ---
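
The following check is an added example, not part of the original report and not dpkg's code: it flags file contexts whose sensitivity range was stored in mcstransd's translated form and recognises the dpkg mac_admin denial quoted above. The function names and the (path, context) sample pairs are hypothetical; the two context strings and the audit record are the ones from the report.

```python
import re

# Raw MLS/MCS level as stored on disk: sN, optionally :cN with '.' ranges or ',' lists.
_LEVEL = r"s\d+(?::c\d+(?:[.,]c\d+)*)?"
RAW_RANGE = re.compile(rf"^{_LEVEL}(?:-{_LEVEL})?$")
AVC_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def is_raw_context(context):
    """True if the sensitivity range is in raw form, not an mcstransd alias."""
    parts = context.split(":", 3)
    if len(parts) == 3:  # user:role:type with no MLS field
        return True
    return len(parts) == 4 and bool(RAW_RANGE.match(parts[3]))

def translated_labels(labelled_paths):
    """Return the paths whose stored context is in translated form."""
    return [path for path, ctx in labelled_paths if not is_raw_context(ctx)]

def parse_avc(line):
    """Parse an AVC denial into its key=value fields plus a 'perms' list."""
    denied = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
    if not denied:
        return None
    fields = {k: v.strip('"') for k, v in AVC_FIELD.findall(line)}
    fields["perms"] = denied.group(1).split()
    return fields

def is_dpkg_mac_admin_denial(line):
    """Match the audit record the report associates with the bad label write."""
    rec = parse_avc(line)
    return bool(rec) and rec.get("comm") == "dpkg" and "mac_admin" in rec["perms"]

# Context forms and audit record quoted in the report.
RAW = "rjc:user_r:user_t:s0-s0:c0.c1023"
TRANSLATED = "rjc:user_r:user_t:SystemLow-SystemHigh"
AVC = ('type=AVC msg=audit(1341055747.187:1390): avc: denied { mac_admin } '
       'for pid=10131 comm="dpkg" capability=33 '
       'scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
       'tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
       'tclass=capability2')
# Constructed (path, context) pairs, as a label listing might yield after an upgrade.
SAMPLE = [("/usr/lib/example/a.so", "system_u:object_r:lib_t:s0"),
          ("/usr/lib/example/b.so", "system_u:object_r:lib_t:SystemLow"),
          ("/home/rjc/file", RAW)]

if __name__ == "__main__":
    print(translated_labels(SAMPLE))
    print(is_dpkg_mac_admin_denial(AVC))
```
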
--- Begin Message ---
Source: dpkg
Source-Version: 1.15.8.13

We believe that the bug you reported is fixed in the latest version of dpkg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guillem Jover <[email protected]> (supplier of updated dpkg package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 07 Sep 2012 08:28:56 +0200
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source amd64 all
Version: 1.15.8.13
Distribution: stable
Urgency: low
Maintainer: Dpkg Developers <[email protected]>
Changed-By: Guillem Jover <[email protected]>
Description:
 dpkg - Debian package management system
 dpkg-dev - Debian package development tools
 dselect - Debian package management front-end
 libdpkg-dev - Debian package management static library
 libdpkg-perl - Dpkg perl modules
Closes: 679641
Changes:
 dpkg (1.15.8.13) stable; urgency=low
 .
 [ Guillem Jover ]
 * Do not translate SE Linux context to human readable form while unpacking,
   as that might cause the operation to fail if the mcstransd daemon stopped
   running during the transaction. Closes: #679641
   Thanks to Russell Coker <[email protected]>.
 .
 [ Updated man page translations ]
 * German (Helge Kreutzmann). Fix sub optimal translation of package states
   LP: #368783, a fix by Chris Leick and other fixes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---

