Your message dated Thu, 16 Apr 2020 08:35:26 +0000 with message-id <[email protected]> and subject line Bug#956177: fixed in fail2ban 0.11.1-2 has caused the Debian Bug report #956177, regarding fail2ban: daemon startup should not access /root/.local to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 956177: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956177 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: fail2ban Version: 0.11.1-1 Severity: normal type=AVC msg=audit(1586313861.749:37): avc: denied { search } for pid=704 comm="fail2ban-server" name=".local" dev="sdb2" ino=31516 scontext=system_u:system_r:fail2ban_t:s0 tcontext=unconfined_u:object_r:xdg_data_t:s0 tclass=dir permissive=0 Above is a SE Linux audit message generated by fail2ban starting on system boot. It is trying to access /root/.local which is inappropriate for a daemon. No system configuration should be under /root/ and any daemon which accesses that could give unexpected results. -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Enforcing - Policy name: default Versions of packages fail2ban depends on: ii lsb-base 11.1.0 ii python3 3.8.2-2 Versions of packages fail2ban recommends: ii iptables 1.8.4-3 pn python3-pyinotify <none> pn python3-systemd <none> ii whois 5.5.6 Versions of packages fail2ban suggests: ii bsd-mailx [mailx] 8.1.2-0.20180807cvs-1+b1 ii monit 1:5.26.0-4 ii rsyslog [system-log-daemon] 8.2002.0-2 pn sqlite3 <none> -- Configuration Files: /etc/fail2ban/paths-debian.conf changed [not included] -- no debconf information
--- End Message ---
--- Begin Message ---Source: fail2ban Source-Version: 0.11.1-2 Done: Sylvestre Ledru <[email protected]> We believe that the bug you reported is fixed in the latest version of fail2ban, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sylvestre Ledru <[email protected]> (supplier of updated fail2ban package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 14 Apr 2020 11:44:23 +0200 Source: fail2ban Architecture: source Version: 0.11.1-2 Distribution: unstable Urgency: medium Maintainer: Debian Python Modules Team <[email protected]> Changed-By: Sylvestre Ledru <[email protected]> Closes: 956177 956681 Changes: fail2ban (0.11.1-2) unstable; urgency=medium . * Do not rotate log if empty. Thanks to Ron Varburg for the patch (Closes: #956681) * Add Environment="PYTHONNOUSERSITE=yes" to the service file to avoid fail2ban to read /root/.local/. Thanks to Russell Coker for the investigation (Closes: #956177) Checksums-Sha1: 8c98353cbe62ac09187b4ea6cd4021c21fed7cbe 2095 fail2ban_0.11.1-2.dsc 95a994f615bc2f06ccb9b02b1ae3b37409558b1e 28604 fail2ban_0.11.1-2.debian.tar.xz 6e2b57da9d32fdffadabe0e6ab25ab8a83d6ec2e 6116 fail2ban_0.11.1-2_amd64.buildinfo Checksums-Sha256: 4cae056a51e9e7b05b98e10d3d600479ccd83e59ec6cc292e6c3b3af5ee03650 2095 fail2ban_0.11.1-2.dsc 1d28a519cfec2cf4b3afb83cb8c3e87e6037a4b31e31b1b8d28d0a7f33c20e95 28604 fail2ban_0.11.1-2.debian.tar.xz 934abd43d74880c55f6d7c35c1985b229fc3061d36c92de74694a784a5c401c1 6116 fail2ban_0.11.1-2_amd64.buildinfo Files: da1d8cf43798bc68499542cd1e53828e 2095 net optional fail2ban_0.11.1-2.dsc e8e60c2fd72452c82ded95f62abe06e7 28604 net optional fail2ban_0.11.1-2.debian.tar.xz c3b1168438db0dd1cfe6b9f229585e05 6116 net optional fail2ban_0.11.1-2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtg21mU05vsTRqVzPfmUo2nUvG+EFAl6YEwkACgkQfmUo2nUv G+EDsxAAk5O47Sip42r7Tg151Ct13Hvi24ZcrYeRw9K2yezCF1wRJvM9reWUPKPs 3iH6uXjC5dc99HAWbulzJELAYGqtTQ3PQDuaPjISF3QPlQcpD7FEGIRmWEicgrMK 7m3l9OkBx8nv/liemCPv1yUWqYrRSwhiZtFGVmyEFuMDKQKp+tChPbKv9Uogq9ys VeeAXB3CtYB1ad5r4UUnjysOGGbMIFyM4KcHrPFGtO0KgR2a+5JnT6jFbMuIrEtj 9NE8TVYhcz+sSiDSQ9ukvpKPQzp2scWSYr8/t47D1DcRwjz/+ab4nLmgEDjL//Tq CGhknXTPS2Xrw2SC3gh+sHOsQB9LthoOdYQ0yxATbtEZtsqSURwn2m5t57jtgj0Y aIEk0IVrHPHSx0eWs1iGgYeOXhpuvVOq+0d6BiYmo6+ndOogBBqGfiRdAjnmkMXo GWJlr/36ZGpGSfKRVifPnbGQS7ktI2AB5garw+cY8C3Q2vV5wpm1YQlbVu76mxe6 Dhtolp05dlJS4yNoHDaXeITGMXJiqpn6B7i9BAq7N0uJnSsSJiMh3lHAdaViFlt7 h03E7HK7wDj79yNmKsJ9N7CtX3HHAZ52lKbTBiRErAGNU6X+IZGFldzjelQ04QZR 4tSheQHjXNeGbX8AQwuwY949cU3Tb4AQbIF4uKMmCgJ8DdTjbIo= =aSw7 -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Python-modules-team mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/python-modules-team
