Cryptsetup and systemd use different format options for /etc/crypttab. If you
add systemd specific options then cryptsetup gives error messages which
surprise users. Casual web searches on the topic don't make it obvious that
there are 2 different programs doing quite different things with
Package: matrix-synapse
Version: 1.72.0-1
Severity: normal
I have 2 accounts on different Matrix-synapse instances on different VMs on the
same hardware. For a while they have been working well. Now I can't talk from
an account one one of them to an account on another. It happened after (but
Package: matrix-synapse
Version: 1.72.0-1
Severity: normal
Tags: upstream
/usr/bin/synapse_register_new_matrix_user -u $1 -p $2 -a -k $PASS
I run the above command to create a new users, it's in a script that has been
working since April on one server and since 2020 on another. Now it gives
the
Please send me a patch to use autopkgtest and I'll include it.
--
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
severity 1012841 wishlist
thanks
--
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
close 1012686
thanks
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012503
--
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
type firewalld_tmpfs_t;
files_tmpfs_file(firewalld_tmpfs_t)
fs_tmpfs_filetrans(firewalld_t, firewalld_tmpfs_t, file)
manage_files_pattern(firewalld_t, firewalld_tmpfs_t, firewalld_tmpfs_t)
allow firewalld_t firewalld_tmpfs_t:file { map execute };
allow firewalld_t self:netlink_netfilter_socket {
close 962007
thanks
Below is from a Bullseye system. This was fixed after Buster, so Buster is
still missing this.
# sesearch -A -s openvpn_t -t openvpn_var_run_t -c sock_file
allow openvpn_t openvpn_runtime_t:sock_file { append create getattr ioctl link
lock open read rename setattr unlink
close 960960
thanks
Appears to be fixed in Bullseye and unstable.
--
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
) unstable; urgency=medium
* Policy update, lots of little things and allows the signull access that
systemd-journal from the latest systemd wants.
-- Russell Coker Thu, 30 May 2019 10:28:24 +1000
--
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
close 900782
thanks
Works in unstable now.
root@unstable:~# cat /etc/fstab
/dev/vda/ ext4 noatime,nodev 0 1
/dev/vdbnoneswappri=0 0 0
tmpfs /tmp tmpfs rootcontext=system_u:object_r:tmp_t:s0 0 0
root@unstable:~# df -h /tmp
close 878345
close 888967
close 900186
close 933858
close 959803
close 728950
close 758083
close 860532
close 871704
close 890208
thanks
Lots of things have changed and been fixed.
--
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
close 962842
thanks
Apache has always been allowed to connect to mysql, usually with a boolean
controlling it.
In this case MariaDB is mislabeled, run "ps axZ|grep maria" and you will see
it's in the wrong context, run "ls -lZ /usr/sbin/mariadbd" and you will
probably find it doesn't have the
close 962238
thanks
Recent versions of the policy allow this, not sure when it was fixed.
--
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
close 879037
thanks
I can't reproduce this and I think it was fixed amongst all the systemd policy
changes before Buster.
--
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
https://salsa.debian.org/selinux-team/refpolicy/-/merge_requests/10
The above merge request has transitions from init_t to user domains, in what
situation is that needed with selinux-policy-default version 2.20210203-7?
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog
, and ping_t to use unallocated ttys (for sysadmin
+login on boot failure)
+ * Allow ntpd_t to start and stop generic units when systemd is used, for
+systemd-timesyncd.
+
+ -- Russell Coker Mon, 04 Oct 2021 15:06:54 +1100
+
refpolicy (2:2.20210203-7) unstable; urgency=medium
Package: ima-evm-utils
Version: 1.1-1+b1
Severity: normal
The new upstream version appears to fix 2 of the bugs reported against the
current version. It also has TPM 2.0 support, TPM 1.2 support, and lots of
other changes since 1.1 was released in 2018.
Can I do a NMU of 1.3.2 if you don't have
. Dontaudit
+fsadm_t inheriting file handles from mon_t.
+ * Allow fsadm_t to do a file type trans for creating
+/dev/megaraid_sas_ioctl_node
+ * Allow java_t to exec bin_t and lib_t files for jspawnhelper, and to read
+cgroup files. Needed for JRE 17
+
+ -- Russell Coker Mon, 14 Jun 2021
for MegaRAID AKA PERC support and
+added support for NVMe devices
+
+ -- Russell Coker Mon, 07 Jun 2021 16:34:01 +1000
+
etbemon (1.3.5-5) unstable; urgency=medium
* Make the deleted-mapped check avoid perl privsep processes, don't want
reverted:
--- etbemon-1.3.5/debian/control
Package: ima-evm-utils
Version: 1.1-1+b1
Severity: normal
Tags: patch
If you run "evmctl -r sign --rsa --hashalgo sha256 /usr" or a similar big
subtree it will take a large amount of time due to running blkid once for
each file.
The following patch caches the last check. It is not as optimised
Package: postfix-policyd-spf-perl
Version: 2.011-1.1
Severity: normal
https://www.getmailbird.com/what-spf-resources-are-available-now-that-openspf-org-is-gone/
According to the above URL openspf.org disappeared in early 2019.
Jun 7 05:18:38 itmustbe postfix/policy-spf[2667136]: Policy
process access setcap and signal and
+cap_userns access sys_admin and sys_chroot.
+Allow chromium_t to read alsa config.
+
+ -- Russell Coker Sat, 08 May 2021 17:55:06 +1000
+
refpolicy (2:2.20210203-5) unstable; urgency=medium
* Add policy for rasdaemon
diff -Nru refpolicy-2.20210203
Package: grub-common
Version: 2.04-17
Severity: normal
Tags: upstream
root@xev:/# /usr/sbin/grub-probe --target=device /boot
/dev/sdh1
root@xev:/# chcon -t user_home_dir_t /boot
root@xev:/# /usr/sbin/grub-probe --target=device /boot
/usr/sbin/grub-probe: error: failed to get canonical path of
This happens on the latest Debian/Testing when booting a HP ML110 Gen9 with
EFI, the screen goes gray and nothing happens when it tries to boot
Memtest86+.
An example of GRUB code to not show the Memtest86+ menu item when booted from
EFI was given, why can't that be used?
--
My Main Blog
tags 986917 patch
thanks
The following patch makes it stop crashing. The problem is that the code
treats a file for the ima_measurement command as being valid without any
checks and if the entry.header.pcr is ridiculously large then we access
some random memory. There are probably several
buffer size)
+
+ -- Russell Coker Fri, 09 Apr 2021 23:02:14 +1000
+
refpolicy (2:2.20210203-4) unstable; urgency=medium
* Allow ntpd_t to get the status of generic systemd units
diff -Nru refpolicy-2.20210203/debian/modules.conf.default
refpolicy-2.20210203/debian/modules.conf.default
made it do case-insensitive checks on header field names. Now
+recommends libhash-case-perl as imapnew.monitor depends on it.
+
+ -- Russell Coker Mon, 05 Apr 2021 18:28:52 +1000
+
etbemon (1.3.5-4) unstable; urgency=medium
* Make deleted-mapped.monitor skip programs starting with
/lib
Package: puppet
Version: 5.5.22-2
Severity: normal
Tags: patch upstream
# ps axZ|grep pupp
system_u:system_r:initrc_t:s0 1603 ?Ss 0:00 /usr/bin/ruby
/usr/bin/puppet agent
Because the same program /usr/bin/puppet is used for starting the agent and the
master we can't get the
Package: puppet-master
Version: 5.5.22-2
Severity: normal
Tags: patch upstream
# ps axZ|grep pupp
system_u:system_r:initrc_t:s0 1351 ?Ssl0:00 /usr/bin/ruby
/usr/bin/puppet master
Because the same program /usr/bin/puppet is used for starting the agent and the
master we can't get
Package: ima-evm-utils
Version: 1.1-1+b1
Severity: normal
# evmctl ima_measurement /etc/passwd
Segmentation fault (core dumped)
I think this is because I don't have keys loaded (I'm trying to validate SHA512
hashes on files). But even though I'm probably doing the wrong thing a SEGV is
not an
Thanks for spending so much time on this.
On Saturday, 10 April 2021 9:56:42 PM AEST Bernhard Übelacker wrote:
> Could you please provide which theme you are using,
> or if there are maybe some third party extensions in use?
>
> Maybe you are aware of some not widely used settings
> that you
On Friday, 9 April 2021 23:40:09 AEST Bernhard Übelacker wrote:
> Hello Russel,
> thanks for the fast answer, unfortunately the
> backtrace is not yet enough expressive.
>
> Maybe you could also install the following debug symbol packages?
>
> libqt5qml5-dbgsym libqt5core5a-dbgsym
On Friday, 9 April 2021 23:40:09 AEST Bernhard Übelacker wrote:
> Hello Russel,
> thanks for the fast answer, unfortunately the
> backtrace is not yet enough expressive.
>
> Maybe you could also install the following debug symbol packages?
>
> libqt5qml5-dbgsym libqt5core5a-dbgsym
On Friday, 9 April 2021 19:57:40 AEST Bernhard Übelacker wrote:
> Hello Russell,
> could you still see this issue?
Yes, here's a trace of one I just did for you!
Application: KWin (kwin_x11), signal: Segmentation fault
[KCrash Handler]
#4 0x7f42259bee08 in ?? () from
Package: plasma-workspace
Version: 4:5.20.5-5
Severity: normal
After upgrading this system to Debian/Testing the digital clock widget isn't
available to install. I'll send a screen-shot in an update to this bug.
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT
Package: kwin-x11
Version: 4:5.20.5-1
Severity: normal
kwin_x11 will crash if I repeatedly use ALT-TAB to switch between windows.
Once every 5 to 10 window switches it will crash.
# coredumpctl info
PID: 120123 (kwin_x11)
UID: 1000 (etbe)
GID: 1000 (etbe)
After a fresh install of this package on a system with no errors I get the
following immediately after starting the daemon. I've tried deleting the
sqlite database and restarting the daemon and then I get the same result.
# ras-mc-ctl --errors
No Memory errors.
No PCIe AER errors.
No Extlog
systemd_coredump_t to mmap all executables and to have cap_userns
+sys_ptrace access. dontaudit systemd_coredump_t capability net_admin
+ * Allow mailman_queue_t to connect to port 443
+
+ -- Russell Coker Fri, 05 Mar 2021 21:11:58 +1100
+
refpolicy (2:2.20210203-3) unstable; urgency=medium
to prevent relabeling
+Closes: #922448
+ * Make fixfiles avoid trying to relabel tmpfs and other non-permanent
+filesystems
+Closes: #984567
+
+ -- Russell Coker Fri, 05 Mar 2021 20:45:24 +1100
+
policycoreutils (3.1-2) unstable; urgency=medium
[ Laurent Bigonville ]
diff -Nru policycor
Package: policycoreutils
Version: 3.1-2
Severity: wishlist
When it does an autorelabel it labels all tmpfs filesystems along with /sys/*
and other transient filesystems. It should avoid all of those.
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (500,
severity 849552 minor
tags 849552 +moreinfo
thanks
Change the severity because it's not that important. Also moreinfo because I
don't even know if that problem still happens or if it happens in the same
way.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog
severity 959022 grave
thanks
I don't think this package is usable in Debian/testing. In the default
configuration there will be no cgroup1 filesystem mounted and it will abort.
Forcing the system to not use cgroup2 will have other consequences which at
least needs documentation.
This is an
Package: src:linux
Version: 5.10.13-1
Severity: normal
$ wc /proc/kallsyms
168114 567685 7891149 /proc/kallsyms
https://dustri.org/b/spectre-exploits-in-the-wild.html
The above article says that Fedora no longer makes kallsyms available to
unprivileged users to make attacks on the kernel more
Package: roundcube
Version: 1.4.10+dfsg.2-1
Severity: normal
# /usr/bin/php7.4 /usr/share/roundcube/bin/cleandb.sh
PHP Fatal error: Uncaught Error: Call to undefined function
mb_internal_encoding() in
/usr/share/roundcube/program/lib/Roundcube/bootstrap.php:86
Stack trace:
#0
Package: selinux-utils
Version: 3.1-2+b2
Severity: normal
gdb /sbin/sefcontext_compile
...
(gdb) r
Starting program: /usr/sbin/sefcontext_compile
/usr/sbin/sefcontext_compile: error while loading shared libraries: cannot make
segment writable for relocation: Permission denied
[Inferior 1
Package: element-desktop
Version: 1.7.18
Severity: normal
Setting up element-desktop (1.7.18) ...
/var/lib/dpkg/info/element-desktop.postinst: line 10: update-desktop-database:
command not found
I got the above when I upgraded this package.
Reading the postinst script you have || true after
SELinuxContext=system_u:system_r:matrixd_t:s0
Another way of solving this is to add the above in the service file. It will
be ignored if you run with SE Linux disabled.
--
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
Package: mailman3-web
Version: 0+20180916-10
Severity: normal
To run a daemon in a unique domain in SE Linux you need a daemon-specific
label on the program that is run. If the ExecStart line directly runs a
program that's not daemon specific (EG uwsgi, perl, bash, etc) then this
doesn't happen.
I had the same problem, when I installed python3-mysqldb the problem went
away. I think that mailman3-web should depend on python3-mysqldb.
--
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
Package: mailman3
Version: 3.3.2-1
Severity: normal
When you run mailman without python3-pymysql installed you get the following:
Traceback (most recent call last):
File "/usr/bin/mailman", line 33, in
sys.exit(load_entry_point('mailman==3.3.2', 'console_scripts', 'mailman')())
File
Package: python3-setools
Version: 4.3.0-1.1+b1
Severity: normal
# sesearch -A -s httpd_t -d httpd_sys_content_t
Traceback (most recent call last):
File "/usr/bin/sesearch", line 20, in
import setools
File "/usr/lib/python3/dist-packages/setools/__init__.py", line 78, in
from
Package: pure-ftpd
Version: 1.0.49-4
Severity: normal
Tags: patch
The following patch is needed to get the run directory correctly labeled
on SE Linux systems. On non-SE systems restorecon won't exist so it won't
change things. On systems that have SE Linux utilities installed but not
enabled
Package: execstack
Version: 0.0.20131005-1.1
Severity: important
root@riscv:~# execstack -q /bin/ls
execstack: "/bin/ls"'s architecture is not supported
When I try to run execstack on riscv I get errors such as the above.
-- System Information:
Debian Release: bullseye/sid
APT prefers
close 963497
thanks
Run "setsebool allow_execmem 1" before running certbot and it will be fine.
After running certbot you can run "setsebool allow_execmem 0". Or you could
run "setsebool -P allow_execmem 1" to make the change continue to apply after
a reboot.
The 2:2.20161023.1-9 policy
close 963495
thanks
Run "setsebool allow_execmem 1" before running certbot and it will be fine.
After running certbot you can run "setsebool allow_execmem 0". Or you could
run "setsebool -P allow_execmem 1" to make the change continue to apply after
a reboot.
There is no good solution to
Package: matrix-synapse
Version: 1.24.0-1~bpo10+1
Severity: normal
The matrix-synapse.service file calls python3 directly for ExecStartPre and
ExecStart. That means that when running SE Linux the daemon will get the
same context as all other instances of python3 being run (IE not a special
I've attached the patch extracted from the list archives.
--
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
By bind mounting every filesystem we want to relabel we can access all
files without anything hidden due to active mounts.
This comes at the
Package: policycoreutils
Version: 3.1-1
Severity: normal
Tags: patch upstream
Patch:
https://lore.kernel.org/selinux/85917790-f0a6-0d57-face-58a6536b1...@gmail.com/
Signed off:
https://lore.kernel.org/selinux/d8630b0c-3a43-8295-9903-f21746c37...@gmail.com/
This change is a good idea and has
Package: libqt5quick5-gles
Version: 5.15.1+dfsg-2
Severity: normal
When I had a system running with libqt5quick5-gles the display was horribly
messed up with missing
icons and KDE window controls. I could work around it by setting
MESA_EXTENSION_OVERRIDE=”-GL_EXT_bgra
Package: initramfs-tools
Version: 0.139
Severity: minor
No gzip in /usr/bin:/sbin:/bin, using gzip
When COMPRESS=zstd is in the configuration file but zstd is not installed I get
the above error.
It should say "No zstd"
-- Package-specific info:
-- initramfs sizes
-rw-r--r--. 1 root root 18M
On Friday, 16 October 2020 1:39:04 AM AEDT Thomas Goirand wrote:
> Though I do understand your point of view, if you don't know anything
> about OpenStack, Ceph, Zookeeper, etc. Truth is, Gnocchi should be
> working better if setup with at least keystone for auth (though Keystone
> is probably the
On Tuesday, 13 October 2020 8:50:29 PM AEDT Thomas Goirand wrote:
> Instead, we could imagine prompting for a UUID if none is set, though
> I'm not really convince that this would be the correct thing to do.
Why not change the package description to indicate that it's not designed for
any
On Tuesday, 13 October 2020 2:38:40 AM AEDT Thomas Goirand wrote:
> > # gnocchi-api
> > 2020-10-12 12:17:56,769 [7662] INFO gnocchi.service: Gnocchi version
> > 4.3.1 /usr/bin/uwsgi: option '--http' is ambiguous; possibilities:
> > '--http-socket' '--http-socket-modifier1'
reopen 971996
thanks
sqlite should work if it's going to be the default. Really it should work in
any case.
If it's not going to work then an error message that gives some clue as to why
would be appropriate.
If it can't work then the code that sets up MySQL for the connection should
also
Here is a patch I wrote for this.
--- /root/api.py 2020-10-12 13:53:40.232782984 +
+++ /usr/lib/python3/dist-packages/gnocchi/cli/api.py 2020-10-12
13:57:34.331311398 +
@@ -89,9 +89,12 @@
# TODO(sileht): When uwsgi 2.1 will be release we should be able
# to use
Package: gnocchi-common
Version: 4.3.1-3
Severity: normal
The resource_id setting has the UUID used for gnocchi-statsd, if you don't use
the statsd then
I don't think setting it does any harm but if you do (which is probably the
common case) then
not setting it automatically just causes more
Package: python3-gnocchi
Version: 4.3.1-3
Severity: normal
# gnocchi-api
2020-10-12 12:17:56,769 [7662] INFO gnocchi.service: Gnocchi version 4.3.1
/usr/bin/uwsgi: option '--http' is ambiguous; possibilities: '--http-socket'
'--http-socket-modifier1' '--http-socket-modifier2'
Using sqlite for the indexer might be an ideal way of doing it. I made the
following change to gnocchi.conf which made it progress to the next stage.
I used the password from the "connection =" line.
# diff -u /etc/gnocchi/gnocchi.conf.orig /etc/gnocchi/gnocchi.conf
---
Package: gnocchi-common
Version: 4.3.1-3
Severity: important
I first installed mariadb-server and mariadb-client on a test VM. I then ran
"apt install gnocchi-common" selected MySQL and no keystone, then the
/var/lib/dpkg/info/gnocchi-common.postinst gave the following error:
2020-10-11
https://github.com/jetmore/swaks/commit/
434f494abcc3558c73efc0e57a4338adeb402253
Here's the upstream fix, which is quite different from my patch.
--
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
The attached patch fixes swaks for daylight savings time.
-> Date: Sun, 04 Oct 2020 10:24:09 +1000
Above is from the output of swaks in Debian/Buster showing a wrong timezone
for Australian Eastern time (Melbourne or Sydney if you want to test). Below
is from the output of the patched
To find the timezone swaks will get the localtime() and gmtime() of the unix
time (seconds since 1970-01-01 00:00:00 UTC), then use timelocal() to convert
both of them back to unix time. The problem is timelocal() does a daylight
savings aware version of the conversion, so if you are in a
Package: mariadb-server-core-10.3
Version: 1:10.3.23-1
Severity: normal
After updating to the latest unstable packages I have an old mysql process left
over. For some
reason debian-sys-maint doesn't work but I have made no changes to that.
# systemctl status mysql.service
● mysql.service -
Package: debian-goodies
Version: 0.84
Severity: normal
systemctl daemon-reexec
systemctl restart systemd-journald.service
systemctl restart systemd-logind.service
After upgrading shared objects that systemd uses the above commands need to be
run to restart the programs that use the old ones.
On Thursday, 16 July 2020 1:45:13 AM AEST Michael Tokarev wrote:
> Russel, what's the purpose of this bugreport,
> what you expect the maintainer to do with it?
Forward upstream, you could work on it yourself, be information for anyone
else who wants to work on it, and be a warning for others
Package: qemu-system-common
Version: 1:5.0-6
Severity: normal
Tags: upstream
The spice video options includes "password=" which is visible on the
kvm/qemu command-line.
While using SASL should solve this problem it is more complex to setup so most
people who use
password authentication for
Package: spice-client-gtk
Version: 0.38-2
Severity: normal
Tags: upstream
The spicy command (and related commands in this package) only allow scripting a
password via the
-w parameter. This means that any program that can run ps on the same system
can see the password.
This may or may not be a
Package: mediawiki
Version: 1:1.31.7-1~deb10u1
Severity: normal
Mediawiki appears to work well with php-fpm, should not force the installation
of php.
-- System Information:
Debian Release: 10.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture:
Package: xserver-xorg-core
Version: 2:1.20.4-1
Severity: normal
# ps aux|grep Xorg
root 582 0.3 0.8 340884 50468 tty7 Ssl+ Jun01 82:02
/usr/lib/xorg/Xorg -nolisten tcp -auth
/var/run/sddm/{f66ea786-13c9-4499-95f6-f7bdce850668} -background none -noreset
-displayfd 17 -seat seat0
Package: squirrelmail
Version: 2:1.4.23~svn20120406-2
Severity: normal
Squirrelmail depends on libapache2-mod-php5 | php5 | php5-cgi (which are not
in Stable) but appears to work fine with php7.3.
Php7.3 has new security features and upstream security support, so it would be
good if we could
Package: squirrelmail
Version: 2:1.4.23~svn20120406-2
Severity: normal
When mail is from someone with UTF8 encoded name such as
"=?UTF-8?B?QW5kcsOp?= " the sender is not displayed.
When mail has a UTF8 subject such as
"=?UTF-8?Q?Re=3a_A_blast_from_the_past_=f0=9f=98=8e?=" the subject is not
if this is incorrect.
Using 'Russell Coker ' as your from address.
Getting status for tor...
Verifying package integrity...
Checking for newer versions at madison...
I have reportbug hang for HOURS at the above line when trying to talk to
madison via IPv6. It has an IPv6 https connection open. The root cause
Package: tor
Version: 0.4.3.5-1
Severity: normal
After upgrading tor to the version in Unstable on two systems they both don't
start it on boot, I have to run "systemctl restart tor@default.service" to
start it.
I expect it to just start on boot, as it did previously.
-- System Information:
Package: roundcube
Version: 1.3.11+dfsg.1-1~deb10u1
Severity: normal
The package install asks questions about MySQL but there's no option for
specifying sqlite. As sqlite is simpler it should be able to configure all
sqlite stuff if the user selects sqlite as database type.
For reference
Package: klibc-utils
Version: 2.0.7-1
Severity: normal
root@sevm:~/pol# /usr/lib/klibc/bin/fstype < /dev/sda2
Segmentation fault
root@sevm:~/pol# execstack -c /usr/lib/klibc/bin/fstype
root@sevm:~/pol# /usr/lib/klibc/bin/fstype < /dev/sda2
FSTYPE=btrfs
FSSIZE=719360278528
The fstype program is
Package: postfix
Version: 3.5.0-2
Severity: normal
This morning one of my test systems automaticallt installed 3.5.0-2 and then
postfix didn't run. The command "/etc/init.d/postfix restart" resulted in
postfix not running and nothing being logged.
Apr 19 06:56:12 sevm postfix/master[913]:
On Thursday, 16 April 2020 1:01:56 AM AEST Sylvestre Ledru wrote:
> Le 15/04/2020 à 15:51, Russell Coker a écrit :
> > Environment="PYTHONNOUSERSITE=yes"
> >
> > Putting the above in the service file fixes the problem.
>
> OK, many thanks :)
> As
Environment="PYTHONNOUSERSITE=yes"
Putting the above in the service file fixes the problem.
--
My Main Blog http://etbe.coker.com.au/
My Documents Bloghttp://doc.coker.com.au/
On Wednesday, 15 April 2020 2:27:33 PM AEST Russell Coker wrote:
> On Wednesday, 15 April 2020 2:36:43 AM AEST Sylvestre Ledru wrote:
> > Could you please reply to
> > https://github.com/fail2ban/fail2ban/issues/2688#issuecomment-613543589 ?
> >
> > (I also looked at
On Wednesday, 15 April 2020 2:36:43 AM AEST Sylvestre Ledru wrote:
> Could you please reply to
> https://github.com/fail2ban/fail2ban/issues/2688#issuecomment-613543589 ?
>
> (I also looked at the code and could not find where /root/.local would be
> loaded)
Done. strace revealed the following:
On Saturday, 11 April 2020 5:19:00 PM AEST Michael Biebl wrote:
> > type=AVC msg=audit(1586512443.135:71139): avc: granted { unlink } for
> > pid=293 comm="systemd-journal"
> > name="user-1001@165b61313e51499ab58ffd33d611e714--
> > .journal" dev="sdb2" ino=2093618
Source: libsepol
Version: 3.0-1
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
Gives a compile error about missing flask.h.
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable')
reopen 956435
thanks
On Saturday, 11 April 2020 5:17:44 PM AEST Michael Biebl wrote:
> Does does have a way to delete old coredumps and does it automatically.
>
> $ grep coredump /usr/lib/tmpfiles.d/*
> /usr/lib/tmpfiles.d/systemd.conf:d /var/lib/systemd/coredump 0755 root
> root 3d
>
> Files
On Friday, 10 April 2020 9:30:20 PM AEST Michael Biebl wrote:
> > > Can you find out, how the file was deleted?
> >
> > systemd-journald just decided to do it.
> >
> > I'll put in an audit entry to get an audit log of it.
>
> Any news here?
Yes it's systemd-journald deleting the files.
Package: systemd-coredump
Version: 245.4-3
Severity: normal
Tags: upstream
According to the man page of coredumpctl there is no way to delete a core dump
that it manages. If you find the file name and rm it then it stays in the
output of "coredumpctl list" with status "missing".
It's a
Package: boinc-manager
Version: 7.16.5+dfsg-1exp1
Severity: normal
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953613
Previously I used the -g option to connect to a different port on localhost
for each boinc server (redirected via a ssh tunnel to the real server). I
filed the above bug
Package: fail2ban
Version: 0.11.1-1
Severity: normal
type=AVC msg=audit(1586313861.749:37): avc: denied { search } for pid=704
comm="fail2ban-server" name=".local" dev="sdb2" ino=31516
scontext=system_u:system_r:fail2ban_t:s0
tcontext=unconfined_u:object_r:xdg_data_t:s0 tclass=dir
Given the plans for a 3.1 release soon (maybe 2 weeks) I suggest doing nothing
about these bugs until 3.1 is released to fix them.
-- Forwarded Message --
Subject: Re: libsepol releases
Date: Tuesday, 7 April 2020, 6:59:22 PM AEST
From: Petr Lautrbach
To: Russell Coker
CC
It has started giving the correct timezone offset shortly after 1PM (my network
monitoring scripts reported that mail didn't have a 1 hour delay then).
So it seems that swaks (or maybe the Perl libraries it uses) was about 10 or
11 hours late in recognising the daylight savings change. Maybe
101 - 200 of 1335 matches
Mail list logo
