Bug#986354: Re[2]: Bug#986354: hardening-runtime breaks upowerd which affects default installation

2021-04-05 Thread Yves-Alexis Perez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sun, 2021-04-04 at 22:59 +0930, Andrew Savchenko wrote:
> ```
> WARNING!
> 
> This package sets restrictive permissions on a number of directories.
> 
> While this is beneficial to the system security, it might lead to situation
> where an application is unable to access a certain path.
> 
> Please use `reportbug` shall you encounter any.
> ``` 

That doesn't really look good to me. First, it seems that the issue isn't with
directory permissions here, and second, there are already a warning about
performance or usability issues.

Maybe this could be worded differently but I don't thnk it's really
sustainable to list each and every issue which might arrise with various
stuff, unfortunately.

It might be worth listing known issues and potential fixes in a specific file
in /u/s/d/hardening-runtime (README.Debian or a new file) though, if you can
propose something.

Regards,
- -- 
Yves-Alexis
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmBq0ygACgkQ3rYcyPpX
RFtWCAgAnSH6gLlqqfWbZo4KmKCRPJRDovvsc1X/TIxrAuOvFNRweiliR7Q7dkAe
ZuRg+6+RmTyh5dXJko4+xddjb7+AvQAkJvxVa7zM+v6L02+n6hs+waZmFgZKeQuA
/m4zRSuprwSbv+1eymI3gDeBPPrhCLG9JXxTu1/ARgJxKHaDNpojLO3dueuz1WSE
vh4yA42snTUHc/Y74MWTHfp14foDdUTl1RqjHvxPnaDN2Qblj1Pskbj7VNWYsFQf
77DIE2tI4dsWejjbjDcV5aJl+Vup/ouWWIMokTURfER9JYQdJv3NUaGVLXoqtUOu
O/vagCy0GCw2IabgI4b6F/KAetzoow==
=0Dm3
-END PGP SIGNATURE-



Bug#986354: Re[2]: Bug#986354: hardening-runtime breaks upowerd which affects default installation

2021-04-04 Thread Andrew Savchenko
Hello Yves-Alexis,

Sunday, April 4, 2021, 6:09:22 PM, you wrote:

> Hi, could you detail which permissions and from where? I'm aware of the issue
> with user namespaces but not from the permissions.

Indeed, user namespaces were to blame.

> There's already a small warning in the package long description, do you have
> something specific in mind? Could you propose a wording?

```
WARNING!

This package sets restrictive permissions on a number of directories.

While this is beneficial to the system security, it might lead to situation
where an application is unable to access a certain path.

Please use `reportbug` shall you encounter any.
``` 


-- 
Regards,
A