Bug#1037547: More info
pilgrim:/etc/fapolicyd/rules.d# ls 90-deny-execute.rules pilgrim:/etc/fapolicyd/rules.d# cat 90-deny-execute.rules # Deny execution for anything untrusted deny_audit perm=execute all : all pilgrim:/etc/fapolicyd# cat fapolicyd.conf # # This file controls the configuration of the file access policy daemon. # See the fapolicyd.conf man page for explanation. # permissive = 0 nice_val = 14 q_size = 640 uid = fapolicyd gid = fapolicyd do_stat_report = 1 detailed_report = 1 db_max_size = 50 subj_cache_size = 1549 obj_cache_size = 8191 watch_fs = ext2,ext3,ext4,tmpfs,xfs,vfat,iso9660,btrfs trust = rpmdb,file integrity = none syslog_format = rule,dec,perm,auid,pid,exe,:,path,ftype,trust rpm_sha256_only = 0 allow_filesystem_mark = 0 Looks like the shipped policy is to deny all execute and with permissive=0 this is enforced.
Bug#1037547: fapolicyd: Installation of fapolicyd via apt caused everything to immediately become non-executable.
Package: fapolicyd Version: 1.1.7-5 Severity: important Dear Maintainer, I wanted to try out fapolicyd. I typed apt install fapolicyd on my recently upgraded bookworm system While installing it complained about being unable to do something with man pages. Immediately after installing no external executables were executable. In order to regain control of the system I had to stomp on the systemd file for fapolicyd via redirection from my shell and power cycle my laptop. I expected to still be able to run most normal binaries -- System Information: Debian Release: 12.0 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-9-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages fapolicyd depends on: ii adduser 3.134 ii libc62.36-9 ii libcap-ng0 0.8.3-1+b3 ii liblmdb0 0.9.24-1 ii libmagic11:5.44-3 ii libseccomp2 2.5.4-1+b3 ii libssl3 3.0.9-1 ii libudev1 252.6-1 fapolicyd recommends no packages. fapolicyd suggests no packages. -- no debconf information
Bug#960205: stumpwm: Panels do not work as documented https://stumpwm.github.io/1.0.0/stumpwm-1.0.0_7.html#Mode_002dline
Package: stumpwm Version: 2:1.0.0-1 Severity: important Dear Maintainer, I launched the lxqt desktop with stumpwm confiured as the window manager. According to the stumpwm documentation this should cause the lxqt-panel to replace the mode-line. While the lxqt-panel did initially appear it vanished almost immediately. If I relaunched lxqt-panel it would vanish whenever I switched between apps or otherwise invoked stumpwm functionality. Typing mode-line at the ":" prompt toggled stumpwm's built in mode line rather than the lxqt-panel. I have previously tried various other panels in combination with stumpwm with similar results. I strongly suspect that this upstream bug: https://github.com/stumpwm/stumpwm/issues/293 is the cause since v1.0.0 of stumpwm contains the commit which introduced the bug but not the commit which fixed it. The bug could therefore likely be remedied by updating to the latest (19.11) version of stumpwm however even Debian unstable only has version 1.0.0 Thanks for your maintenace efforts. Bill -- System Information: Debian Release: 10.4 APT prefers stable-updates APT policy: (990, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-8-amd64 (SMP w/2 CPU cores) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages stumpwm depends on: ii cl-clx-sbcl 0.7.4.20160323-1.1 ii cl-ppcre 20180805.git2115632-1 stumpwm recommends no packages. Versions of packages stumpwm suggests: ii chimera2 [www-browser]2.0a19-8+b2 ii chromium [www-browser]80.0.3987.162-1~deb10u1 ii elinks [www-browser] 0.13~20190125-3 ii emacs-gtk [info-browser] 1:26.1+1-3.2+deb10u1 ii epiphany-browser [www-browser]3.32.1.2-3~deb10u1 ii firefox-esr [www-browser] 68.8.0esr-1~deb10u1 ii gnome-terminal [x-terminal-emulator] 3.30.2-2 ii info [info-browser] 6.5.0.dfsg.1-4+b1 ii jed [info-browser]1:0.99.19-7+b1 ii konqueror [www-browser] 4:18.12.0-1 ii konsole [x-terminal-emulator] 4:18.04.0-1 ii lynx [www-browser]2.8.9rel.1-3 ii qterminal [x-terminal-emulator] 0.14.1-1 ii rlwrap0.43-1+b1 ii rxvt-unicode [x-terminal-emulator]9.22-6 pn slime ii terminator [x-terminal-emulator] 1.91-4 ii termit [x-terminal-emulator] 3.0-1+b1 ii tkinfo [info-browser] 2.11-2 ii w3m [www-browser] 0.5.3-37 ii x11-utils 7.7+4 ii xterm [x-terminal-emulator] 344-1 ii xvt [x-terminal-emulator] 2.1-20.3 -- no debconf information
