Bug#760526: Enable AppArmor support (using libapparmor)

2014-10-11 Thread Michael scherer
On Sat, Oct 11, 2014 at 10:12:44AM +0200, intrigeri wrote:
 Hi,
 
 Michael Scherer wrote (11 Oct 2014 05:51:39 GMT) :
  Unfortunately, it seems the error code of aa_change_onexec is not propagated,
  which is a bug ( my fault, will correct upstream ). In the mean time, I guess
  we will have to use strace and/or gdb to get it and see what is going on.
  I will try to take a look later, once I can find a VM to debug it.
 
 Thanks a lot for caring about this :)
 
 Just to be clear: is any of this a blocker in your opinion to enable
 AppArmor support for Jessie (that is, in the next ~14 days), e.g.
 with the patch I've proposed?

I am not sure if the question is for me, but I would say that the bug
needs to be fixed before enabling or saying it is supported.
But I have no idea where the problem is, so if that's not in systemd, then we
may miss the deadline.

Ideally, backporting 5482192e5774f5 would help to debug, but I can do it myself
I guess.

And after battling with Digital Ocean, I was not able to make
AppArmor work on Debian unstable, but mostly due to their platform. I will
try again once I am back home to have a proper VM where I can decide the kernel
to run without troubles.

-- 
Michael Scherer


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#760526: Enable AppArmor support (using libapparmor)

2014-10-11 Thread Michael scherer
So, investigating the problem.

The issue is that:

 ReadOnlyDirectories = /

makes aa_change_onexec fail with

 Oct 11 23:22:25 test-debian systemd[1985]: Failed at step APPARMOR spawning /usr/bin/tor: Read-only file system

(once there is proper reporting). I suspect the issue is upstream, with the
ordering of readonly vs apparmor.

Adding:

 ReadWriteDirectories = /proc

seems to fix the issue as well. I am trying to see if I can fix it properly
upstream by moving around apparmor support in the source code.





Bug#760526: Enable AppArmor support (using libapparmor)

2014-10-11 Thread Michael scherer
On Sun, Oct 12, 2014 at 01:40:29AM +0200, Michael scherer wrote:
 So, investigating the problem.
 
 The issue is that:
 
  ReadOnlyDirectories = /
 
 makes aa_change_onexec fail with
 
  Oct 11 23:22:25 test-debian systemd[1985]: Failed at step APPARMOR spawning /usr/bin/tor: Read-only file system
 
 (once there is proper reporting). I suspect the issue is upstream, with the
 ordering of readonly vs apparmor.
 
 Adding:
 
  ReadWriteDirectories = /proc
 
 seems to fix the issue as well. I am trying to see if I can fix it properly
 upstream by moving around apparmor support in the source code.

So there is a catch-22. If we set the profile before the mount, it fails with:

  Oct 12 00:13:40 test-debian systemd[1121]: Failed at step NAMESPACE spawning /usr/bin/tor: No such file or directory

If we set it after, it fails with the previous error. I think someone needs to
see with the upstream apparmor people about the proper way to do that. I will
try to see on systemd-devel if someone knows why it fails like this.

-- 
Michael Scherer 





Bug#760526: Enable AppArmor support (using libapparmor)

2014-10-11 Thread Michael scherer
On Sun, Oct 12, 2014 at 02:23:22AM +0200, Michael scherer wrote:
 On Sun, Oct 12, 2014 at 01:40:29AM +0200, Michael scherer wrote:
  So, investigating the problem.
  
  The issue is that:
  
   ReadOnlyDirectories = /
  
  makes aa_change_onexec fail with
  
   Oct 11 23:22:25 test-debian systemd[1985]: Failed at step APPARMOR spawning /usr/bin/tor: Read-only file system
  
  (once there is proper reporting). I suspect the issue is upstream, with
  the ordering of readonly vs apparmor.
  
  Adding:
  
   ReadWriteDirectories = /proc
  
  seems to fix the issue as well. I am trying to see if I can fix it properly
  upstream by moving around apparmor support in the source code.
 
 So there is a catch-22. If we set the profile before the mount, it fails with:
 
   Oct 12 00:13:40 test-debian systemd[1121]: Failed at step NAMESPACE spawning /usr/bin/tor: No such file or directory
 
 If we set it after, it fails with the previous error. I think someone needs to
 see with the upstream apparmor people about the proper way to do that. I will
 try to see on systemd-devel if someone knows why it fails like this.

So after a rather long debugging session, the problem is a false positive.
If /var/run/tor does not exist, then it fails to mount it, obviously. And I guess
it doesn't exist because /var/run is on a tmpfs, and I didn't create the proper
configuration to create it on boot.

So yeah, putting apparmor code before namespace code is the proper fix. I am
gonna send it upstream, and then up to you to decide either to backport/adapt,
or to just work around with /proc being rw.
-- 
Michael Scherer 

 





Bug#760526: Enable AppArmor support (using libapparmor)

2014-10-11 Thread Michael scherer

 So yeah, putting apparmor code before namespace code is the proper fix. I am
 gonna send it upstream, and then up to you to decide either to backport/adapt,
 or to just work around with /proc being rw.

Patch sent upstream :
 http://lists.freedesktop.org/archives/systemd-devel/2014-October/023909.html

-- 
Michael Scherer





Bug#760526: Enable AppArmor support (using libapparmor)

2014-10-10 Thread Michael Scherer
Unfortunately, it seems the error code of aa_change_onexec is not propagated, 
which is a bug ( my fault, will correct upstream ). In the mean time, I guess 
we will have to use strace and/or gdb to get it and see what is going on. 
I will try to take a look later, once I can find a VM to debug it.
  





Bug#707243: Does anything break?

2013-08-10 Thread Michael Scherer
On Thursday 08 August 2013 at 18:01 +0200, Mika Pflüger wrote:
 Hi,
 
 does anything break, or is it just a spurious AVC denial? 

Hi,

I didn't look, and as I didn't enable SELinux in enforcing mode due to
other issues, I do not know if it breaks irqbalance. Looking closely,
there is no call to getsched in the irqbalance source code.

And to be honest, I have no idea how I could measure irqbalance effects,
given I have a single processor server running Debian.

I do not think that's a big deal security wise to allow it
( https://lists.fedoraproject.org/pipermail/selinux/2011-July/013978.html ),
but I do not know if irqbalance needs it to work. Fedora does seem to have a
different policy, and does not have the issue.


 If no
 important functionality of irqbalance is lost, it may not be worth
 fixing this in stable, we could just forward a fix upstream and wait
 until it trickles back to debian.

Well, the fewer AVCs it generates, the better it is for debugging of
SELinux policy.
-- 
Michael Scherer





Bug#707293: default (chrooted) configuration of postfix is not supported by selinux policy; won't be

2013-08-10 Thread Michael Scherer
On Thursday 08 August 2013 at 18:11 +0200, Mika Pflüger wrote:
 Hi,
 
 as mentioned in the wiki, the debian default configuration of postfix
 (chrooted) is not supported by selinux policy. Please use the script
 postfix-nochroot to unchroot your configuration.

Hi,

Well, besides the patch I sent, the only missing part in selinux policy
is something to fix this :

type=AVC msg=audit(1375791086.840:4461): avc:  denied  { sys_chroot }
for  pid=23706 comm=pickup capability=18
scontext=system_u:system_r:postfix_pickup_t:s0
tcontext=system_u:system_r:postfix_pickup_t:s0 tclass=capability

So I think integrating my patch would help to work toward a fix. There
is no reason to apply this only on redhat based distributions, so the
patch seems harmless to enable in unstable.

-- 
Michael Scherer





Bug#707243: selinux-policy-default: missing permission for irqbalance_t

2013-05-08 Thread Michael Scherer
Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: normal

Hi,

On a freshly upgraded wheezy, on boot, irqbalance produces an AVC:

May  5 14:22:32 venser kernel: [   11.593105] type=1400 
audit(1367756552.598:9): avc:  denied  { getsched } for  pid=549 
comm=irqbalance scontext=system_u:system_r:irqbalance_t:s0 
tcontext=system_u:system_r:irqbalance_t:s0 tclass=process

Indeed getsched is missing from the set of permissions:

/home/misc# sesearch -s irqbalance_t -t irqbalance_t -A -c process  
Found 1 semantic av rules:
   allow irqbalance_t irqbalance_t : process { fork sigchld sigkill sigstop 
signull signal getcap setcap } ; 


-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=ANSI_X3.4-1968) 
(ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-7.1
ii  libselinux1      2.1.9-5
ii  libsepol1        2.1.4-3
ii  policycoreutils  2.1.10-9
ii  python           2.7.3-4

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.1.8-2
ii  setools      3.3.7-3

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission 
denied: u'/etc/selinux/default/modules/active/file_contexts.local'

-- no debconf information





Bug#707245: selinux-policy-default: systemd_logind_t cannot access to /sys/fs/cgroup/cpu

2013-05-08 Thread Michael Scherer
Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: normal

Hi,

on boot, I see this AVC :

May  5 14:28:40 venser kernel: [  379.071332] type=1400 
audit(1367756920.294:11): avc:  denied  { read } for  pid=515 
comm=systemd-logind name=cpu dev=tmpfs ino=3309 
scontext=system_u:system_r:systemd_logind_t:s0 
tcontext=system_u:object_r:cgroup_t:s0 tclass=lnk_file

It seems that systemd tries to access all cgroups in /sys/fs/cgroup/ but there
is now a symlink for cpu:

# ls -lZ /sys/fs/cgroup/
total 0
drwxr-xr-x. 2 root root system_u:object_r:cgroup_t:SystemLow  0 mai   5 14:22 blkio
lrwxrwxrwx. 1 root root system_u:object_r:cgroup_t:SystemLow 11 mai   5 14:22 cpu -> cpu,cpuacct
lrwxrwxrwx. 1 root root system_u:object_r:cgroup_t:SystemLow 11 mai   5 14:22 cpuacct -> cpu,cpuacct
drwxr-xr-x. 3 root root system_u:object_r:cgroup_t:SystemLow  0 mai   5 14:22 cpu,cpuacct
drwxr-xr-x. 2 root root system_u:object_r:cgroup_t:SystemLow  0 mai   5 14:22 cpuset
drwxr-xr-x. 2 root root system_u:object_r:cgroup_t:SystemLow  0 mai   5 14:22 devices
drwxr-xr-x. 2 root root system_u:object_r:cgroup_t:SystemLow  0 mai   5 14:22 freezer
drwxr-xr-x. 2 root root system_u:object_r:cgroup_t:SystemLow  0 mai   5 14:22 net_cls
drwxr-xr-x. 2 root root system_u:object_r:cgroup_t:SystemLow  0 mai   5 14:22 perf_event
drwxr-xr-x. 4 root root system_u:object_r:cgroup_t:SystemLow  0 mai   5 14:22 systemd

So the policy should be extended to also take into account the symlinks:

# sesearch -s systemd_logind_t -A -t cgroup_t
Found 2 semantic av rules:
   allow systemd_logind_t cgroup_t : file { ioctl read write create getattr 
setattr lock append unlink link rename open } ; 
   allow systemd_logind_t cgroup_t : dir { ioctl read write create getattr 
setattr lock unlink link rename add_name remove_name reparent search rmdir open 
} ; 


 
-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=ANSI_X3.4-1968) 
(ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-7.1
ii  libselinux1      2.1.9-5
ii  libsepol1        2.1.4-3
ii  policycoreutils  2.1.10-9
ii  python           2.7.3-4

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.1.8-2
ii  setools      3.3.7-3

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission 
denied: u'/etc/selinux/default/modules/active/file_contexts.local'

-- no debconf information





Bug#707246: selinux-policy-default: dmesg produce AVC when trying to access to /etc/locale.alias

2013-05-08 Thread Michael Scherer
Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: normal

Hi, 

Having decided to give SELinux a test, I have installed a Debian 6.0 and later
upgraded to 7.0. As recommended on the wiki, I first did a boot with SELinux in
permissive mode to see if there are potential errors, and found several AVCs.

On boot, it seems something is running dmesg in a confined domain :

[   11.562532] type=1400 audit(1367756552.570:6): avc:  denied  { read } for  
pid=626 comm=dmesg name=locale.alias dev=sda1 ino=394340 
scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:object_r:etc_t:s0 
tclass=file
[   11.562557] type=1400 audit(1367756552.570:7): avc:  denied  { open } for  
pid=626 comm=dmesg name=locale.alias dev=sda1 ino=394340 
scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:object_r:etc_t:s0 
tclass=file
[   11.562617] type=1400 audit(1367756552.570:8): avc:  denied  { getattr } for 
 pid=626 comm=dmesg path=/etc/locale.alias dev=sda1 ino=394340 
scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:object_r:etc_t:s0 
tclass=file

And domain system_u:system_r:dmesg_t:s0 cannot read /etc/locale.alias, as that 
file is not labeled to something special.

I assume that it should be labeled locale_t, since dmesg has access to that 
domain :
   
   # sesearch -s dmesg_t -A -c file -t locale_t
   Found 1 semantic av rules:
  allow dmesg_t locale_t : file { ioctl read getattr lock open } ; 

There is however no side effect to the AVC, except noise.

-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=ANSI_X3.4-1968) 
(ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-7.1
ii  libselinux1      2.1.9-5
ii  libsepol1        2.1.4-3
ii  policycoreutils  2.1.10-9
ii  python           2.7.3-4

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.1.8-2
ii  setools      3.3.7-3

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission 
denied: u'/etc/selinux/default/modules/active/file_contexts.local'

-- no debconf information





Bug#707247: selinux-policy-default: systemd_logind_t produce AVC when trying to communicate with sshd over dbus

2013-05-08 Thread Michael Scherer
Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: normal

Hi,

Booting a system with systemd and SELinux, I have seen the following AVC:

  May  5 14:22:36 venser dbus[511]: avc:  denied  { send_msg } for 
msgtype=method_return dest=:1.2 spid=515 tpid=647 
scontext=system_u:system_r:systemd_logind_t:s0 
tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=dbus

I have no idea why it tries to speak to sshd over dbus. I suspect it to
be due to some pam module used there, and looking at the Fedora policy, there
are many more rules regarding dbus for systemd_logind_t than on Debian, and
there is indeed this one:

  allow systemd_logind_t sshd_t : dbus send_msg ; 

Without this, pam_systemd complains about:

  May 08 16:32:36 venser.ephaone.org sshd[28404]: pam_systemd(sshd:session): 
Failed to create session: Access denied

and I guess this prevents pam_systemd from working properly ( i.e., you do not
have 1 cgroups hierarchy per user, no way to kill all the processes on logout,
etc, etc ).

-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=ANSI_X3.4-1968) 
(ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-7.1
ii  libselinux1      2.1.9-5
ii  libsepol1        2.1.4-3
ii  policycoreutils  2.1.10-9
ii  python           2.7.3-4

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.1.8-2
ii  setools      3.3.7-3

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission 
denied: u'/etc/selinux/default/modules/active/file_contexts.local'

-- no debconf information





Bug#707246: patch for adding the proper file context

2013-05-08 Thread Michael Scherer
Control: tags -1 + patch
Index: refpolicy-2.20110726/policy/modules/system/miscfiles.fc
===
--- refpolicy-2.20110726.orig/policy/modules/system/miscfiles.fc	2011-03-28 17:05:16.0 +0200
+++ refpolicy-2.20110726/policy/modules/system/miscfiles.fc	2013-05-08 17:02:45.569766274 +0200
@@ -18,6 +18,10 @@
 /etc/sysconfig/clock	--	gen_context(system_u:object_r:locale_t,s0)
 ')
 
+ifdef(`distro_debian',`
+/etc/locale.alias		--	gen_context(system_u:object_r:locale_t,s0)
+')
+
 #
 # /opt
 #
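Review bot: On the added `/etc/locale.alias` line the dot is unescaped, and file context paths are regular expressions, so it matches any character in that position; write it as `/etc/locale\.alias`, the way `/var/run/auditd\.pid` is written in logging.fc. The patch also carries no description: say which denial it fixes and why the entry is limited to `distro_debian` rather than applied everywhere.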


Bug#707243: patch to add proper permissions

2013-05-08 Thread Michael Scherer
Control: tags -1 + patch
Index: refpolicy-2.20110726/policy/modules/services/irqbalance.te
===
--- refpolicy-2.20110726.orig/policy/modules/services/irqbalance.te	2013-05-08 17:09:18.225769368 +0200
+++ refpolicy-2.20110726/policy/modules/services/irqbalance.te	2013-05-08 17:09:49.085771413 +0200
@@ -19,7 +19,7 @@
 
 allow irqbalance_t self:capability { setpcap net_admin };
 dontaudit irqbalance_t self:capability sys_tty_config;
-allow irqbalance_t self:process { getcap setcap signal_perms };
+allow irqbalance_t self:process { getcap setcap signal_perms getsched };
 allow irqbalance_t self:udp_socket create_socket_perms;
 
 manage_files_pattern(irqbalance_t, irqbalance_var_run_t, irqbalance_var_run_t)
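Review bot: The `getsched` added to the `allow irqbalance_t self:process` rule comes with no comment or description saying what in irqbalance needs it. If the denial turns out to be log noise only, a `dontaudit irqbalance_t self:process getsched;` next to the existing `dontaudit` line for `sys_tty_config` would silence it without widening the domain; please state which of the two is intended and why.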


Bug#707293: selinux-policy-default: selinux prevent rsyslog from creating /dev/log in the postfix chroot

2013-05-08 Thread Michael Scherer
Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: normal

Hi,
Using the default postfix configuration and SELinux, there are several AVCs in
the logs like this:

avc:  denied  { write } for  pid=548 comm=rsyslogd name=dev dev=sda1 
ino=137040 scontext=system_u:system_r:syslogd_t:s0 
tcontext=system_u:object_r:postfix_spool_t:s0 tclass=dir
avc:  denied  { add_name } for  pid=548 comm=rsyslogd name=log 
scontext=system_u:system_r:syslogd_t:s0 
tcontext=system_u:object_r:postfix_spool_t:s0 tclass=dir  
avc:  denied  { create } for  pid=548 comm=rsyslogd name=log 
scontext=system_u:system_r:syslogd_t:s0 
tcontext=system_u:object_r:postfix_spool_t:s0 tclass=sock_file
avc:  denied  { setattr } for  pid=548 comm=rsyslogd name=log dev=sda1 
ino=131515 scontext=system_u:system_r:syslogd_t:s0 
tcontext=system_u:object_r:postfix_spool_t:s0 tclass=sock_file

I think the issue is because /var/spool/postfix/dev/log is not properly
labelled in the policy. I will attach an untested patch to that bug report.

-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=ANSI_X3.4-1968) 
(ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-7.1
ii  libselinux1      2.1.9-5
ii  libsepol1        2.1.4-3
ii  policycoreutils  2.1.10-9
ii  python           2.7.3-4

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.1.8-2
ii  setools      3.3.7-3

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission 
denied: u'/etc/selinux/default/modules/active/file_contexts.local'

-- no debconf information
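
Added example (not part of the original reports or of refpolicy): a small Python parser, in the spirit of audit2allow, that turns the AVC denials quoted in Bug#707243, Bug#707247 and Bug#707293 into candidate allow rules and subtracts what sesearch already reports as allowed. The function names and the re-joined sample records are constructed for this illustration.

```python
import re
from collections import defaultdict

# Constructed input: AVC records taken from the reports on this page, with the
# mail client's line wraps joined back into one record per line.
SAMPLE_LOG = """\
May  5 14:22:32 venser kernel: [   11.593105] type=1400 audit(1367756552.598:9): avc:  denied  { getsched } for  pid=549 comm=irqbalance scontext=system_u:system_r:irqbalance_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=process
avc:  denied  { write } for  pid=548 comm=rsyslogd name=dev dev=sda1 ino=137040 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:postfix_spool_t:s0 tclass=dir
avc:  denied  { add_name } for  pid=548 comm=rsyslogd name=log scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:postfix_spool_t:s0 tclass=dir
avc:  denied  { create } for  pid=548 comm=rsyslogd name=log scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:postfix_spool_t:s0 tclass=sock_file
May  5 14:22:36 venser dbus[511]: avc:  denied  { send_msg } for msgtype=method_return dest=:1.2 spid=515 tpid=647 scontext=system_u:system_r:systemd_logind_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=dbus
"""

# sesearch output for irqbalance_t as quoted in the Bug#707243 report.
SAMPLE_SESEARCH = """\
Found 1 semantic av rules:
   allow irqbalance_t irqbalance_t : process { fork sigchld sigkill sigstop signull signal getcap setcap } ;
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S+)")
RULE_RE = re.compile(r"allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s*(?:\{([^}]*)\}|(\w+))\s*;")


def selinux_type(context):
    """Return the type from user:role:type[:range]; the range may contain ':'."""
    parts = context.strip('"').split(":")
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return parts[2]


def parse_avc(line):
    """Parse one kernel or userspace (dbus) AVC denial; None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group(2)))
    try:
        key = (selinux_type(fields["scontext"]),
               selinux_type(fields["tcontext"]),
               fields["tclass"])
    except (KeyError, ValueError):
        return None  # truncated record: do not guess the missing fields
    return key, set(m.group(1).split())


def parse_sesearch(text):
    """Map (source, target, class) -> permissions the policy already allows."""
    allowed = defaultdict(set)
    for src, tgt, cls, many, one in RULE_RE.findall(text):
        allowed[(src, tgt, cls)] |= set((many or one).split())
    return allowed


def missing_rules(log_text, allowed=None):
    """Candidate allow rules for denied permissions the policy lacks."""
    allowed = allowed or {}
    denied = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            denied[rec[0]] |= rec[1]
    rules = []
    for src, tgt, cls in sorted(denied):
        perms = sorted(denied[(src, tgt, cls)] - allowed.get((src, tgt, cls), set()))
        if not perms:
            continue  # everything denied here is already granted by the policy
        target = "self" if src == tgt else tgt
        body = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {target}:{cls} {body};")
    return rules


if __name__ == "__main__":
    for rule in missing_rules(SAMPLE_LOG, parse_sesearch(SAMPLE_SESEARCH)):
        print(rule)
```

For the rsyslogd denials the patch in this thread relabels /var/spool/postfix/dev/log as devlog_t instead of granting syslogd_t access to postfix_spool_t, so read the output as a diagnosis of what was denied, not as the rule to ship.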





Bug#707293: patch that set the proper label on the file /var/spool/postfix/dev/log

2013-05-08 Thread Michael Scherer
Control: tags -1 + patch


Index: refpolicy-2.20110726/policy/modules/system/logging.fc
===
--- refpolicy-2.20110726.orig/policy/modules/system/logging.fc	2013-05-08 22:16:18.577828083 +0200
+++ refpolicy-2.20110726/policy/modules/system/logging.fc	2013-05-08 22:17:11.325825909 +0200
@@ -74,9 +74,10 @@
 ifdef(`distro_redhat',`
 /var/named/chroot/var/log -d	gen_context(system_u:object_r:var_log_t,s0)
 /var/named/chroot/dev/log -s	gen_context(system_u:object_r:devlog_t,s0)
-/var/spool/postfix/dev/log -s	gen_context(system_u:object_r:devlog_t,s0)
 ')
 
+/var/spool/postfix/dev/log -s	gen_context(system_u:object_r:devlog_t,s0)
+
 /var/run/audit_events	-s	gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
 /var/run/audispd_events	-s	gen_context(system_u:object_r:audisp_var_run_t,mls_systemhigh)
 /var/run/auditd\.pid	--	gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
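Review bot: The relocated `/var/spool/postfix/dev/log` entry now sits unguarded between the end of the `distro_redhat` block and the `/var/run/...` entries with no comment. Add a one-line comment saying it labels the syslog socket inside the postfix chroot on all distributions, and if this file keeps its entries in path order, place it after the `/var/run` lines; the description should also record that the socket was checked to get `devlog_t` after a relabel.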


Bug#491723:

2011-06-02 Thread Michael Scherer
It seems the package was not uploaded to experimental, or I am unable to
find it ? Is there something blocking upload ?
-- 
Michael Scherer







Bug#440656: ocsinventory-reports: help icon lead to a 403 error

2007-09-03 Thread Michael Scherer
Package: ocsinventory-reports
Version: 1.01-2
Severity: normal

After installing the ocsreports interface, without changing anything in the
Apache configuration, you cannot access the documentation by clicking on the
leftmost icon, pointing to http://$SERVER/doc/ocsinventory-reports/guide.pdf.gz

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-5-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages ocsinventory-reports depends on:
ii  apache2                        2.2.4-3     Next generation, scalable, extenda
ii  apache2-mpm-prefork [apache2]  2.2.4-3     Traditional model for Apache HTTPD
ii  dbconfig-common                1.8.36      common framework for packaging dat
ii  debconf [debconf-2.0]          1.5.14      Debian configuration management sy
ii  libapache2-mod-php5            5.2.3-1+b2  server-side, HTML-embedded scripti
ii  php5                           5.2.3-1     server-side, HTML-embedded scripti
ii  php5-mysql                     5.2.3-1+b2  MySQL module for php5
ii  ucf                            3.001       Update Configuration File: preserv

Versions of packages ocsinventory-reports recommends:
ii  libdbd-mysql-perl    4.005-1  A Perl5 database interface to the
ii  libdbi-perl          1.58-2   Perl5 database interface by Tim Bu
ii  libnet-ip-perl       1.25-2   Perl extension for manipulating IP
ii  libxml-simple-perl   2.18-1   Perl module for reading and writin
pn  nmap                 <none>   (no description available)
ii  ocsinventory-server  1.01-2   Hardware and software inventory to
pn  php5-gd | php4-gd    <none>   (no description available)
pn  samba-common         <none>   (no description available)

-- debconf information excluded





Bug#322446: rawdog should suggest python2.3-xml or another parser

2005-08-11 Thread Michael Scherer
On Wednesday 10 August 2005 20:02, you wrote:

 Can you save this into a (preferably minimal) test case? del.icio.us
 moves too fast to be particularly reliable for this.

I used the del.icio.us feed of my bookmark, so it should not change unless I 
say so. 

The problem was reproduced by a friend yesterday using different feeds on
Debian unstable.

But now, I cannot reproduce the bug after I installed one of the python-xml
packages, even if I remove and purge it, and it does not appear on every new
installation I try with the same configuration.
The same happens on the other computer where the bug appeared ( on unstable ).

I have not looked further once I found that the problem was due to the XML
parser, and I can no longer debug since I cannot reproduce it.

So, maybe it was some weird transition problem or something wrong somewhere in
some python module, some .pyc or .pyo left from some upgrade. Since it was
reproducible on another computer, I didn't look further.
Sorry for the noise.

I think the bug report should be closed

-- 
Michael Scherer



Bug#322446: rawdog should suggest python2.3-xml or another parser

2005-08-10 Thread Michael Scherer
Package: rawdog
Version: 2.4-1
Severity: important

Installing rawdog on a system without any python xml packages results in an error:
 [EMAIL PROTECTED] misc] $ rawdog -u
 Feed:http://del.icio.us/rss/misc
 Error parsing feed.

The debugger shows the error comes from feedparser.py, when parsing the xml feed.

The installation of python2.3-xml or python2.3-libxml2 solved the problem.
But now, I cannot reproduce it even when I remove python2.3-xml or
python2.3-libxml2.

The various parsers that could be used should be listed as Recommend: or Suggest:


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.27-zarb1
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages rawdog depends on:
ii  python  2.3.5-2  An interactive high-level object-o

-- no debconf information

