Bug#1068601: Acknowledgement (selinux-policy-default: /var with nosuid and SELinux enabled breaks dpkg)
The following dpkg.te seems to have solved the problem for me.
```
module dpkg 1.0;
require {
type dpkg_script_t;
type dpkg_t;
class process2 nosuid_transition;
}
```
On Sun, Apr 7, 2024, at 2:42 PM, Debian Bug Tracking System wrote:
> Thank you for filing a new Bug report with Debian.
>
> You can follow progress on this Bug here: 1068601:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068601.
>
> This is an automatically generated reply to let you know your message
> has been received.
>
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
>
> As you requested using X-Debbugs-CC, your message was also forwarded to
> bl...@volian.org
> (after having been given a Bug report number, if it did not have one).
>
> Your message has been sent to the package maintainer(s):
> Debian SELinux maintainers
>
> If you wish to submit further information on this problem, please
> send it to 1068...@bugs.debian.org.
>
> Please do not send mail to ow...@bugs.debian.org unless you wish
> to report a problem with the Bug-tracking system.
>
> --
> 1068601: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068601
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems
>
Bug#1068601: selinux-policy-default: /var with nosuid and SELinux enabled breaks dpkg
Package: selinux-policy-default
X-Debbugs-Cc: bl...@volian.org
Version: 2:2.20240202-1
Severity: important
Hello,
I have been messing around with configuring Debian with CIS controls and using
SELinux.
The first problem I've encountered is that having `/var` configured with
`nosuid` option causes dpkg to break for scripts. An example of the error
message with `apt install vim`.
```
dpkg (subprocess): unable to execute new vim-runtime package pre-installation
script (/var/lib/dpkg/tmp.ci/preinst): Permission denied
dpkg: error processing archive
/var/cache/apt/archives/vim-runtime_2%3a9.1.0199-1_all.deb (--unpack):
new vim-runtime package pre-installation script subprocess returned error exit
status 2
dpkg (subprocess): unable to execute new vim-runtime package post-removal
script (/var/lib/dpkg/tmp.ci/postrm): Permission denied
dpkg: error while cleaning up:
new vim-runtime package post-removal script subprocess returned error exit
status 2
```
`audit2why -a` gives me
```
type=AVC msg=audit(1712517197.064:359): avc: denied { nosuid_transition } for
pid=5633 comm="dpkg" scontext=unconfined_u:unconfined_r:dpkg_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:dpkg_script_t
:s0-s0:c0.c1023 tclass=process2 permissive=0
```
and then `audit2why -a` gives me
```
#= dpkg_t ==
allow dpkg_t dpkg_script_t:process2 nosuid_transition;
```
I think due to the importance of dpkg in the Debian ecosystem this should
probably be allowed in the global policy.
Also it seems that the salsa repository for refpolicy is not up-to-date with
the package that is being distributed. Salsa still shows refpolicy 2022, but
I'm seeing 2024 installed on my system. If this could be resolved I'd like to
fork the repo and tinker with the policy.
Thanks,
Blake
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.7.9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not
set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: default
Versions of packages selinux-policy-default depends on:
ii libselinux1 3.5-2+b1
ii libsemanage2 3.5-1+b3
ii libsepol23.5-2
ii policycoreutils 3.5-2
ii selinux-utils3.5-2+b1
Versions of packages selinux-policy-default recommends:
ii checkpolicy 3.5-1
pn setools
Versions of packages selinux-policy-default suggests:
pn logcheck
pn syslog-summary
-- no debconf information
Bug#1058657: python3-apt: undefined symbol: PyAptWarning
This bug can be reproduced with just a single import statement ``` import apt_inst ```
Bug#1053777: Man pages causes troff to warn about use of `CB` font
Package: pandoc Version: 2.17.1.1-3 Severity: normal Dear Maintainer, I was building one of my programs to upload and I came across a new warning that lintian doesn't like. W: nala: groff-message troff::5: warning: cannot select font 'CB' [usr/share/man/man8/nala.8.gz:1] It looks like this is fixed upstream in 3.1.7. I notice now that the Debian version is quite behind upstream. Is there any plans to update it to current? I found some similar bug reports such as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040975 Thanks, Blake -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.5-x64v3-xanmod1 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_USER, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: SELinux: enabled - Mode: Permissive - Policy name: default Versions of packages pandoc depends on: ii libc62.37-12 ii libffi8 3.4.4-1 ii libgmp10 2:6.3.0+dfsg-2 ii liblua5.3-0 5.3.6-2 ii libyaml-0-2 0.2.5-1 ii pandoc-data 2.17.1.1-3 ii zlib1g 1:1.2.13.dfsg-3 pandoc recommends no packages. Versions of packages pandoc suggests: pn citation-style-language-styles pn context pn ghc pn groff pn libjs-katex pn libjs-mathjax pn librsvg2-bin pn nodejs pn pandoc-citeproc ii perl5.36.0-9 pn php pn python pn r-base-core pn ruby pn texlive-latex-extra pn texlive-latex-recommended pn texlive-luatex pn texlive-xetex pn wkhtmltopdf -- no debconf information
Bug#1052125: nala cannot install the debreate package
I was able to reproduce this on my system. First this is the error that happens when installing. This is what crashes Nala because of the formatter. ``` Traceback (most recent call last): File "/usr/bin/debreate", line 230, in main() File "/usr/bin/debreate", line 27, in main import globals.paths File "/usr/share/debreate/globals/paths.py", line 16, in import libdbr.paths File "/usr/share/debreate/lib/libdbr/paths.py", line 18, in from . import sysinfo File "/usr/share/debreate/lib/libdbr/sysinfo.py", line 37, in if not __os_name: ^ NameError: name '__os_name' is not defined ``` This portion happens with apt as well, although apt doesn't crash. If you use --raw-dpkg switch with Nala it will complete. I have already fixed this crash upstream but haven't released yet. I would say you should likely report this to the debreate devs, even getting the install to complete with apt, the same error is thrown when I try to run the program.
Bug#1028245: nala: missing dependency
Hi thanks for using Nala and reporting bugs. This has been fixed upstream actually. We're currently working through a bug that is causing Nala to get removed from the testing repos. Once we fix that and release then this will be fixed, On Sun, Jan 8, 2023, at 2:13 PM, dimit...@stinpriza.org wrote: > Package: nala > Version: 0.12.0 > Severity: important > > happy new year! > > seems that nala fails if python3-debian is not installed. error : > > $ doas nala update > Traceback (most recent call last): > File "/usr/bin/nala", line 5, in > from nala.__main__ import main > File "/usr/lib/python3/dist-packages/nala/__main__.py", line 31, in > import nala.fetch as _fetch # pylint: disable=unused-import > File "/usr/lib/python3/dist-packages/nala/fetch.py", line 66, in > from debian.deb822 import Deb822 # isort:skip > ModuleNotFoundError: No module named 'debian' > > > installing python3-debian fixes this and nala runs as it should.. > but package is not listed as nala dependency.. > > thanks, > d. > > -- System Information: > Debian Release: bookworm/sid > APT prefers testing > APT policy: (500, 'testing') > Architecture: amd64 (x86_64) > > Kernel: Linux 5.10.142-antix.2-amd64-smp (SMP w/4 CPU threads; PREEMPT) > Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_UNSIGNED_MODULE > Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8), LANGUAGE=en_US > Shell: /bin/sh linked to /usr/bin/dash > Init: runit (via /run/runit.stopit) > > Versions of packages nala depends on: > ii apt2.5.4.0nosystemd1 > ii python33.10.6-3+b1 > ii python3-anyio 3.6.2-1 > ii python3-apt2.5.0 > ii python3-httpx 0.23.1-1 > ii python3-pexpect4.8.0-4 > ii python3-rich 13.0.0-1 > ii python3-tomli 2.0.1-2 > ii python3-typer 0.7.0-1 > ii python3-typing-extensions 4.3.0-2 > > Versions of packages nala recommends: > ii python3-socksio 1.0.0-2 > > nala suggests no packages. > > -- no debconf information >
Bug#1022275: Acknowledgement (nala: missing option "download only")
Hello, Thank you for using Nala and reporting bugs. I checked it out and `-d` indeed no longer exists. I'm not sure where this regression stems from but I can add it back in for the next release. It may be some time as I've been very busy lately. As for the severity of the bug, I am unsure how to change that. I wouldn't worry about it though, I'll handle it all the same. This one is pretty simple to fix. Thanks, Blake On Wed, Oct 26, 2022, at 5:30 PM, mh wrote: > Am Sun, 23 Oct 2022 12:27:04 + > schrieb "Debian Bug Tracking System" : > > Hi, I need to change the "severity", it is not a wishbug but a bug. > > There is a "-d" option, but it does not work (I am not the only to have > experieced it) whereas the long version "--download-only" works. > > So This wishbug should be changed to whatever is appropriate. > > Sorry for the confusion > > MH > > > > Thank you for filing a new Bug report with Debian. > > > > You can follow progress on this Bug here: 1022275: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022275. > > > > This is an automatically generated reply to let you know your message > > has been received. > > > > Your message is being forwarded to the package maintainers and other > > interested parties for their attention; they will reply in due course. > > > > Your message has been sent to the package maintainer(s): > > Volian Developers > > > > If you wish to submit further information on this problem, please > > send it to 1022...@bugs.debian.org. > > > > Please do not send mail to ow...@bugs.debian.org unless you wish > > to report a problem with the Bug-tracking system. > > >
Bug#1008816: ITP: kwin-bismuth -- KDE Plasma extension for tiling windows
I hammered away basically everything but the CI. I'm not familiar enough with Debian's CI yet to just get it going. I'll have to research the link from the issue you posted when I have more time. luckily I am familiar with GitLab's CI in general so it shouldn't be difficult once I have a free block to try. I believe I got everything else the way it should be. Thanks, Blake On Tue, Sep 27, 2022, at 2:53 AM, Didier 'OdyX' Raboud wrote: > Hello Blak, > > Le dimanche, 25 septembre 2022, 04.45:58 h CEST Blake Lee a écrit : > > Apologies for it taking me so long to get to it. > > No problem! > > > I nuked the repo and is now a clean, one commit, repo with only the unstable > > debian files in the master branch. > > Great, thanks! It was not a necessity to drop all past packaging work, but > doesn't hurt. > > > I've also updated the files to build with the latest upstream release. > > Tested with sbuild that it builds successfully. > > For _my_ standards, the package is still missing some thinks here and there, > which I have filed as issues on the Salsa project, under a common milestone: > > https://salsa.debian.org/qt-kde-team/extras/kwin-bismuth/-/milestones/1#tab-issues > > #3 can be discussed later, but the other are quite important before upload. > > Comments from others welcome of course! > > Best, > > OdyX > > *Attachments:* > * signature.asc
Bug#1008816: ITP: kwin-bismuth -- KDE Plasma extension for tiling windows
Thanks for the pointers. Apologies for it taking me so long to get to it. I nuked the repo and is now a clean, one commit, repo with only the unstable debian files in the master branch. I've also updated the files to build with the latest upstream release. Tested with sbuild that it builds successfully. Thanks, Blake On Tue, Aug 2, 2022, at 8:56 AM, Patrick Franz wrote: > Hej, > > Am Dienstag, 2. August 2022, 13:34:24 CEST schrieb Didier 'OdyX' Raboud: > > Hello there, > [...] > > I can't remember what the Qt-KDE Extras practices is, so I checked; > > https://qt-kde-team.pages.debian.net/gitguidelines.html seems to be > > the latest recommendations. > > Almost all of the repositories under https://salsa.debian.org/qt-kde-team > only contain the debian/ directory and no upstream sources > with the master branch pointing to the unstable packaging. > > If you want to go that route, I'd delete the repo just as Didier > suggested. > > The quickest way to get help in such questions is ususally to ask on IRC > in #debian-qt-kde. > > > -- > Med vänliga hälsningar > > Patrick Franz > > >
Bug#1008816: ITP: kwin-bismuth -- KDE Plasma extension for tiling windows
Hello! I've moved over the repository into Salsa, updated it for the latest release `3.1.2`. I've built it on my Sid desktop with sbuild, lintian reports no errors, and it the software is working as expected. Let me know if you see anything you would change. Thanks, Blake On Mon, Jul 25, 2022, at 12:32 PM, Blake Lee wrote: > Okay sounds good, I'll get it moved over when I get some time. > > I've been personally using and maintaining it for about 5 months now with no > issues. It's the best solution I've found for a good tiling experience in > KDE, previously I was using i3-gaps and picom, but there are a lot of minor > inconveniences with this route. > > Additionally my packaging was officially included in Ubuntu 22.04, with some > changes to the debian files that I backported. I know there are at least some > users of it as it's posted on bismuth's official GitHub. I've only ever > received requests to update the package to a new upstream version. > > On Mon, Jul 25, 2022, at 11:46 AM, Didier Raboud wrote: >> Le lundi, 25 juillet 2022, 17.35:43 h CEST Blake Lee a écrit : >> > As for the repo should I just mirror my current work from GitLab over to >> > Salsa? >> >> If that's working well for you, I'd say yes; having team-maintained packages >> in a common location makes most things easier; including common CI test >> scripts, team-at-large changes, etc. >> >> *Attachments:* >> * signature.asc >
Bug#1008816: ITP: kwin-bismuth -- KDE Plasma extension for tiling windows
Okay sounds good, I'll get it moved over when I get some time. I've been personally using and maintaining it for about 5 months now with no issues. It's the best solution I've found for a good tiling experience in KDE, previously I was using i3-gaps and picom, but there are a lot of minor inconveniences with this route. Additionally my packaging was officially included in Ubuntu 22.04, with some changes to the debian files that I backported. I know there are at least some users of it as it's posted on bismuth's official GitHub. I've only ever received requests to update the package to a new upstream version. On Mon, Jul 25, 2022, at 11:46 AM, Didier Raboud wrote: > Le lundi, 25 juillet 2022, 17.35:43 h CEST Blake Lee a écrit : > > As for the repo should I just mirror my current work from GitLab over to > > Salsa? > > If that's working well for you, I'd say yes; having team-maintained packages > in a common location makes most things easier; including common CI test > scripts, team-at-large changes, etc. > > *Attachments:* > * signature.asc
Bug#1008816: ITP: kwin-bismuth -- KDE Plasma extension for tiling windows
Hello, Thanks for the response. I'd say if John is interested in maintaining the package then it would definitely make sense to collaborate on it. As for the repo should I just mirror my current work from GitLab over to Salsa? Thanks, Blake On Mon, Jul 25, 2022, at 7:11 AM, Didier Raboud wrote: > Hello there Blake, > > I have heard about Bismuth and would like to see it in Debian. > > Le samedi, 2 avril 2022, 06.42:10 h CEST Blake Lee a écrit : > > * Package name: kwin-bismuth > > Version : 3.0.0 > > (...) > > I plan on maintaining this on my GitLab, but I would have > > no issue maintaining it with a team. I believe this is probably > > an area for the KDE Extras Team. > > I see that John (cc'ed) has already started a Debian package on Salsa > (Debian's Gitlab instance): https://salsa.debian.org/jgoerzen/bismuth > > Would it make sense for you two to collaborate on this? > > I agree it would make sense in KDE Extras, so (as I had the rights), just > went > away and created a repo there: > > https://salsa.debian.org/qt-kde-team/extras/kwin-bismuth > > I've invited John and you to it; don't hesitate to ask if you have questions! > > > I will need a sponsor to upload this package. > > Happy to review and upload when that's Debian-ready! > > *Attachments:* > * signature.asc
Bug#1010913: nala: Please provide a means to run "nala upgrade" without updating the package list
I think this sounds like a great idea. I'll be sure to get a configuration option for this in the next release. In the mean time `nala upgrade --no-update` should be able to get the functionality that you want. Thanks, Blake On Thu, May 12, 2022, at 9:03 PM, Axel Beckert wrote: > Package: nala > Version: 0.8.2 > Severity: wishlist > > Hi, > > nala seems to mimic that annoying misfeature of yum/dnf to always update > the package list even if you just did that and just want to upgrade > packages. > > So please provide a means (e.g. a configuration option in > /etc/nala/nala.conf) to not run a package list update on "nala upgrade". > > Thanks in advance! > > -- System Information: > Debian Release: bookworm/sid > APT prefers unstable > APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), > (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), > (1, 'buildd-experimental') > Architecture: amd64 (x86_64) > Foreign Architectures: i386 > > Kernel: Linux 5.16.0-6-amd64 (SMP w/8 CPU threads; PREEMPT) > Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set > Shell: /bin/sh linked to /bin/dash > Init: sysvinit (via /sbin/init) > LSM: AppArmor: enabled > > Versions of packages nala depends on: > ii apt 2.4.5 > ii python3 3.10.4-1+b1 > ii python3-anyio3.5.0-4 > ii python3-apt 2.3.0+b1 > ii python3-httpx0.22.0-2 > ii python3-pexpect 4.8.0-2 > ii python3-rich 12.1.0-1 > ii python3-typer0.4.1-1 > > Versions of packages nala recommends: > ii python3-socksio 1.0.0-2 > > nala suggests no packages. > > -- no debconf information >
Bug#1008816: ITP: kwin-bismuth -- KDE Plasma extension for tiling windows
Package: wnpp Severity: wishlist Owner: Blake Lee X-Debbugs-Cc: debian-de...@lists.debian.org * Package name: kwin-bismuth Version : 3.0.0 Upstream Author : Mikhail Zolotukhin * URL : https://github.com/Bismuth-Forge/bismuth * License : Expat, GPL-3+, CC-BY-4.0, LGPL-3.0+ Programming Lang: RypeScript, C++, QML Description : KDE Plasma extension for tiling windows Description: KDE Plasma extension for tiling windows KDE Plasma add-on, that tiles your windows automatically and lets you manage them via keyboard, similarly to i3, Sway or dwm. This package extends the kwin WM to allow for tiling windows. I have used many different tiling scripts for kwin and in my opinion this is by far the best one. I plan on maintaining this on my GitLab, but I would have no issue maintaining it with a team. I believe this is probably an area for the KDE Extras Team. I will need a sponsor to upload this package.
Bug#1008644: ITP: nala -- commandline frontend for the apt package manager
Package: wnpp Severity: wishlist Owner: Blake Lee X-Debbugs-Cc: debian-de...@lists.debian.org * Package name: nala Version : 0.7.1 Upstream Author : Blake Lee * URL : https://gitlab.com/volian/nala * License : GPLv3+ Programming Lang: Python Description : commandline frontend for the apt package manager nala is a frontend for the apt package manager. It has a lot of the same functionality, but formats the output to be more human readable. Also implements a history function to see past transactions and undo/redo them. Much like Fedora's dnf history. This package is useful because it improves the UX of managing packages through the command line with python3-apt. Additionally provides some extra quality of life features such as a transaction history you can interact with. I use nala daily, as do many others. Similar packages include apt and aptitude. Nala improves upon the hardwork of the apt team by formatting the output in a more readable manner. At the moment I maintain this program on our GitLab. That is where we accept bug reports and feature requests. I don't have any problems accepting bug reports from Debian's system, or emails for that matter. I regularly accept bug reports from our GitHub as well. We currently have support for the German language, and I have someone working on a Spanish po file as well. Nala is still in active development, but it is very usable. I've had many people ask me about getting this into the Official Debian repos so this is my request for that. I assume that I would be in need of a sponser considering I've never uploaded anything into a Debian repository. But I did try my best to make the debian files proper, and I personally use sbuild for building the software. In case it is required I do have our repo already mirrored into debian salse https://salsa.debian.org/volian-team/nala My users would be thrilled to hear this makes it into the official repositories. I'm looking forward to your response.
Bug#1006257: python3-apt: Sigwinch window resizes have no effect on debconf prompts
Package: python3-apt Version: 2.3.0+b1 Severity: important Dear Maintainer, After running cache.commit() sigwinch signals don't seem to be respected. If I resize the terminal after calling comit, and hit a debconf prompt it will be formatted weird. additionally if you can get a prompt that allows executing a shell, such as a conf prompt, the shell will not get sigwinch updates either. -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.15.0-3-amd64 (SMP w/2 CPU threads) Kernel taint flags: TAINT_WARN, TAINT_FIRMWARE_WORKAROUND Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages python3-apt depends on: ii distro-info-data 0.52 ii libapt-pkg6.0 2.3.15 ii libc6 2.33-5 ii libgcc-s1 11.2.0-16 ii libstdc++6 11.2.0-16 ii python-apt-common 2.3.0 ii python33.9.8-1 Versions of packages python3-apt recommends: ii iso-codes4.9.0-1 ii lsb-release 11.1.0 Versions of packages python3-apt suggests: ii apt 2.3.15 pn python-apt-doc pn python3-apt-dbg -- no debconf information
Bug#999441: selinux-policy-default: SELinux prevents dbus and firewalld from running properly
Package: selinux-policy-default
Version: 2:2.20210203-10
Severity: important
Dear Maintainer,
On a fresh install of Debian sid I installed firewalld and selinux.
I rebooted to allow the system to do the autorelabling. Once done and the
system came back up I got an error about dbus and firewalld would not start.
I added modules using audit2allow and was able to get dbus to come up but I was
unable to get firewalld to operate fully, I did get it to start at least.
Commands like firewall-cmd --state doesn't work. Everything I tested was working
fine in permissive mode. I'll paste my .te files created from audit2allow for
you.
module dbus 1.0;
require {
type system_dbusd_t;
type security_t;
class file map;
}
#= system_dbusd_t ==
allow system_dbusd_t security_t:file map;
This firewalld one has an extra one that was causing an error too, I'm not sure
if
it has any weight on what is going on, but the null was making it hard to make
a module
I had to `cat /var/log/audit/audit.log | grep firewalld_t | grep -v null |
audit2allow`
module firewalld_volian. 1.0;
require {
type xdg_data_t;
type lib_t;
type firewalld_etc_rw_t;
type firewalld_t;
type sysctl_kernel_t;
type unconfined_t;
type tmpfs_t;
type kernel_t;
type user_home_dir_t;
class dir { search watch };
class file { execute map open read write };
class netlink_netfilter_socket { create getopt read setopt write };
class process { getcap setcap };
class capability setpcap;
class (null) 0x2;
class system module_request;
}
#= firewalld_t ==
allow firewalld_t firewalld_etc_rw_t:dir watch;
allow firewalld_t kernel_t:system module_request;
allow firewalld_t lib_t:dir watch;
allow firewalld_t self:capability setpcap;
allow firewalld_t self:netlink_netfilter_socket { create getopt read setopt
write };
allow firewalld_t self:process { getcap setcap };
allow firewalld_t sysctl_kernel_t:dir search;
allow firewalld_t sysctl_kernel_t:file { open read };
allow firewalld_t tmpfs_t:file { map write };
allow firewalld_t tmpfs_t:file { execute read };
allow firewalld_t unconfined_t:(null) 0x2;
allow firewalld_t user_home_dir_t:dir search;
allow firewalld_t xdg_data_t:dir search;
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.14.0-4-amd64 (SMP w/8 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Enforcing - Policy name: default
Versions of packages selinux-policy-default depends on:
ii libselinux1 3.3-1
ii libsemanage2 3.3-1
ii libsepol23.3-1
ii policycoreutils 3.3-1
ii selinux-utils3.3-1
Versions of packages selinux-policy-default recommends:
ii checkpolicy 3.3-1
ii setools 4.4.0-1
Versions of packages selinux-policy-default suggests:
pn logcheck
pn syslog-summary
-- no debconf information
Bug#888227: dash: Dash update remove /bin/sh symlink
Package: dash Version: 0.5.8-2.6 Severity: important Dear Maintainer, I was doing an apt dist-upgrade on sid today when apt stopped and there was no way to bring it back. Dpkg wouldn't work and neither would apt. I recreated the symlink and after a few tries was able to get the update to finish. This also has happened on my laptop. relevant terminal output below (Reading database ... 194866 files and directories currently installed.) Preparing to unpack .../dpkg_1.19.0.5_amd64.deb ... Unpacking dpkg (1.19.0.5) over (1.19.0.4) ... Setting up dpkg (1.19.0.5) ... (Reading database ... 194866 files and directories currently installed.) Preparing to unpack .../dash_0.5.8-2.6_amd64.deb ... Removing 'diversion of /bin/sh to /bin/sh.distrib by dash' Adding 'diversion of /bin/sh to /bin/sh.distrib by bash' Removing 'diversion of /usr/share/man/man1/sh.1.gz to /usr/share/man/man1/sh.distrib.1.gz by dash' Adding 'diversion of /usr/share/man/man1/sh.1.gz to /usr/share/man/man1/sh.distrib.1.gz by bash' Unpacking dash (0.5.8-2.6) over (0.5.8-2.5) ... dpkg: warning: 'sh' not found in PATH or not executable dpkg: error: 1 expected program not found in PATH or not executable Note: root's PATH should usually contain /usr/local/sbin, /usr/sbin and /sbin E: Sub-process /usr/bin/dpkg returned an error code (2) -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.14.12-acs (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages dash depends on: ii debianutils 4.8.4 ii dpkg 1.19.0.5 ii libc62.26-4 dash recommends no packages. dash suggests no packages. -- debconf information: * dash/sh: true
