/ binutils 2.18
The attached patch solves the problem for me, but I don't know the
(intended) dependencies between libcompat, libdpkg and $(LIBINTL).
Regards
Andreas Florath
==
diff -r -u dpkg-1.14.18_orig/dpkg-deb/Makefile.am
dpkg
. So it is impossible that one client fetches
files that are dedicated to another client.
Example: The line
^(\S+)$ $I/$0
allows that each client has access to exactly the one well defined
directory (base dir appended with the client's IP address).
Regards
Andreas Florath
in the
xen-unstable.hg (see
http://xenbits.xensource.com/xen-unstable.hg?rev/7fd49c55c0b0).
The xenapi.PBD.create() is mostly one step to create a new
vm, so the XenAPI can currently not be used to create new VMs.
It would be great to add the patch to the lenny package.
Kind regards
Andreas
of the
RAID and the others should continue working.
I'm not sure if this matters, but all four disks are WD disks which
report physical sector size of 4096 byte.
If you have any further questions, please drop me a mail.
Kind regards
Andreas Florath
Nov 14 18:50:10 peleus kernel: [ 989.048138] JBD2
me mail.
Kind regards - Andreas Florath
--- Package Information ---
# dpkg -l | grep squid
ii squid-langpack 20100628-1
Localized error pages for Squid
ii squid3 3.1.6-1.2A
full featured Web Proxy cache (HTTP proxy)
ii
Package: opensc
Version: 0.13.0-3
Severity: normal
Dear Maintainer,
when using opensc-pkcs11.so with ssh, ssh dumps a core:
$ ssh -I opensc-pkcs11.so florath@10.0.0.25
Segmentation fault (core dumped)
gdb /usr/bin/ssh core.4318
GNU gdb (GDB) 7.6.2 (Debian 7.6.2-1)
Copyright (C) 2013 Free
Hello!
I compiled the opensc with debug symbols and get the following:
$ gdb /usr/bin/ssh
GNU gdb (GDB) 7.6.2 (Debian 7.6.2-1)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to
Source: pgrouting
Followup-For: Bug #757786
Dear Maintainer,
just a short note: I was able to build the packages
postgresql-9.4-pgrouting_2.0.0-3_amd64.deb
postgresql-9.4-pgrouting-doc_2.0.0-3_all.deb
from
git://anonscm.debian.org/pkg-grass/pgrouting.git
commit
Hello!
After some experiments it was somewhat clear for me that this must
be a SELinux or policy 'problem'. The problem is, that the things
are set up during boot time and I did not receive any hint what
was going on.
Therefore I disabled the 'virtio_net' module during boot, set
the system to
'
-- no debconf information
diff --git a/debian/changelog b/debian/changelog
index 84e0a65..22e0a1d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+refpolicy (2:2.20140421-5) unstable; urgency=medium
+
+ [ Andreas Florath ]
+ * Allow udev_t to use systemd_unit_file_t
/changelog
index a9ab1c7..8a98632 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+setools (3.3.8-4) unstable; urgency=medium
+
+ [ Andreas Florath ]
+ * secmds/replcon.cc: Fixed prototype of lsetfilecon_raw.
+(Closes: #750331)
+
+ -- To Be Filled In t...@example.com Sun
Package: policycoreutils
Followup-For: Bug #731212
Hello Russell,
I was not able to reproduce this with the current policycoreutils
(2.3-1) from Jessie.
To reproduce it, I wrote a small script (see attached). Run
the commands about 50.000 times without any problems.
Would it be possible to
/system/ifup@.service
+which has the context
+ system_u:object_r:systemd_unit_file_t:SystemLow
+in the same manner as the init scripts.
+(init_t is e.g. used for 'auto eth0', udev_t for 'allow-hotplug eth0')
+
+Signed-off-by: Andreas Florath an...@flonatel.org
+
+Index: refpolicy-experimental/policy
Package: selinux-policy-default
Version: 2:2.20140421-4
Severity: normal
Dear Maintainer,
installing x11-common fails:
root@debselinux01:~# sestatus
SELinux status: enabled
SELinuxfs mount:/sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded
--- /dev/null
+++ b/debian/patches/1001-systemd-unit-files-can-be-linked-to-dev-null
@@ -0,0 +1,22 @@
+Systemd files can be a link to /dev/null.
+
+Signed-off-by: Andreas Florath an...@flonatel.org
+
+Index: refpolicy-experimental/policy/modules/system/systemd.if
Package: selinux-policy-default
Version: 2:2.20140421-4
Severity: normal
Dear Maintainer,
if SELinux is set to enforcing it is not possible to install sane-utils:
root@debselinux01:~# sestatus
SELinux status: enabled
SELinuxfs mount:/sys/fs/selinux
SELinux root
Package: selinux-policy-default
Version: 2:2.20140421-4
Severity: normal
Dear Maintainer,
installing hddtemp fails:
root@debselinux01:~# sestatus
SELinux status: enabled
SELinuxfs mount:/sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy
Package: selinux-policy-default
Version: 2:2.20140421-4
Severity: normal
Dear Maintainer,
installing openjdk fails if enforcing:
root@debselinux01:~# sestatus
SELinux status: enabled
SELinuxfs mount:/sys/fs/selinux
SELinux root directory: /etc/selinux
Package: selinux-policy-default
Version: 2:2.20140421-4
Severity: important
Dear Maintainer,
it is impossible to use tools based on or using libvirt when
enforcing is set to on.
root@nestor:~# virsh -c qemu:///system list
error: failed to connect to the hypervisor
error: no connection driver
Hello Mika,
thanks for this hint: but it does not help.
Before I reported the bug, I run audit2allow
with the AVC. Typically, when a appropriate
boolean exists, this is printed.
In this case, there was no hint to a boolean, just:
#= virtd_t ==
allow virtd_t self:process
Hello Mika,
there is also a boolean 'virt_use_execmem' which does
a similar thing (allow execmem and execstack) but in a different
domain: setting this to on does also not change the things.
The attached patched solves the problem for me.
I'm not sure why the 'execstack' was not included in the
Hello!
I had a closer look at the libvirt-bin package:
libvirt_driver_storage.so depends on librados.so, which is known
to use execstack:
https://lintian.debian.org/tags/shlib-with-executable-stack.html
root@nestor:~# ldd /usr/lib/libvirt/connection-driver/libvirt_driver_storage.so
| grep
Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: normal
Dear Maintainer,
the installation of selinux-policy-src when SELinux is set to enforcing
fails:
# sestatus
SELinux status: enabled
SELinuxfs mount:/sys/fs/selinux
SELinux root directory:
Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: normal
Dear Maintainer,
using systemd from backports (version see below) many AVCs appear in the
logging.
The system is (partially) unusable - e.g. eth0 works not reliable.
This is needed to reproduce the problem:
Install a
Hello!
Looks that this problem also occurs with other packages as well:
$ se_apt-get install -t wheezy-backports systemd
[...]
Adding group `systemd-journal' (GID 104) ...
addgroup: `/usr/sbin/groupadd -g 104 systemd-journal' returned error code 10.
Exiting.
dpkg: error processing systemd
Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: important
Dear Maintainer,
after enableing SELinux the eth0 network device is not longer configured
automatically during boot time.
There is a similar bug
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728950
but it differs
Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: minor
Dear Maintainer,
after SELinux is set to enforcing the following AVC is logged during boot,
Nevertheless I did not find any problems with the system:
type=1400 audit(1406807193.926:4): avc: denied { read } for pid=1385
Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: normal
Dear Maintainer,
when SELinux is enabled (set to enforced) and when using systemd some AVCs are
logged:
Jul 31 16:02:42 debtest kernel: [3.292205] type=1400
audit(1406815358.096:4): avc: denied { write } for
Hello Mika,
thanks for your answer. And Yes: you are right.
Just checked the description from backports:
Backports cannot be tested as extensively as Debian stable,
and backports are provided on an as-is basis, with risk of
incompatibilities with other components in Debian stable.
Use with
Hello!
I learned from a comment to another bug
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756731)
that only bugs starting from 'important' will be fixed in stable.
IMHO this bug should be fixed in stable, because it prevents
installing packages that use addgroup when SELinux is set to
Hello Mika,
thank you very much for your detailed explanation.
Looks that I miss some basics here.
I'll try to reproduce the bugs I found with Jessie.
(It might take some time, because I start vacation
in the next days...)
Thanks for your offer about the VMs - but I am able
to setup a VM on my
Hello Mika,
looks that my yesterday's reply was lost - maybe because of the attachments.
Attached to this mail you find the lost mail.
The dhcp module was already loaded:
root@debselinux01:~# sestatus
SELinux status: enabled
SELinuxfs mount:/sys/fs/selinux
Hello Mika,
some more observations:
I found a workaround: Changing 'allowed-hotplug eth0' to
'auto eth0' in /etc/network/interfaces fixes the problem
for me.
In the cases where this problem occurs, the
/sys/class/net/eth0/operstate is 'down'. Therefore the
hotplug function will not pick up the
Hello Laurent,
can you please tell me, why you set this bug to 'done'?
You wrote, that this is 'still a problem in wheezy'. Will this not be fixed in
wheezy?
I do not want to argue against your decision - simply want to understand it.
Kind regards
Andre
--
To UNSUBSCRIBE, email to
Hello!
As suggested, I retested this with Jessie:
There are still some AVCs logged, but these differ from the ones logged in
Wheezy.
Aug 5 09:26:11 debselinux01 kernel: [1.197831] audit: type=1400
audit(1407223571.360:4): avc: denied { net_admin } for pid=166
comm=systemd-tmpfile
Hello!
Some more thoughts to this problem:
@Russel: I think you are right: these AVCs are logged, but (maybe) do
not influence the system.
In one of my earlier mails to this problem, I reported, that this was
not reproducible on Jessie. This is correct - as long as SYSV-init is
used. Today I
Package: libreoffice-core
Version: 1:4.3.1-1
Severity: grave
Justification: renders package unusable
Dear Maintainer,
soffice cores with SIGSEGV during start. (This happens since yesterday's
'apt-get upgrade'.)
$ rm core
$ soffice
$ file core
core: ELF 64-bit LSB core file x86-64, version 1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello!
The problem exists also in versions 4.3.1-2 and 4.3.2~rc2.1.
Some more information:
when using a 'fresh' user configuration, soffice works.
After some comparison and analyze, it looks that the cause is in the file
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello!
Attached the list of packages which were updated two days ago.
Kind regards
Andre
=
Start-Date: 2014-09-23 07:07:59
Commandline: apt-get upgrade
Upgrade: libkrossui4:amd64 (4.14.0-1, 4.14.1-1), libmimic0:amd64 (1.0.4-2.1+b1,
Package: systemd
Version: 215-5+b1
Severity: important
Dear Maintainer,
after upgrading to the latest version of systemd, from time to
time either services are not started or the system startup hangs
completely.
When the system startup hangs, the symptoms are very similar to
the ones reported
Package: selinux-policy-default
Version: 2:2.20140421-9
Followup-For: Bug #756729
Dear Maintainer,
the problem still exists.
Today I installed a complete new VM using the latest testing iso files.
Because there is no selinux-policy-default in testing, I pulled the
version from sid.
Exactly the
Package: selinux-policy-default
Version: 2:2.20140421-9
Followup-For: Bug #757994
Dear Maintainer,
the problem still exists in the current version.
I'm a little bit confused - this is the second bug (I know about)
that was closed because 'it should have been fixed'.
It takes not more than
Package: selinux-policy-default
Version: 2:2.20140421-9
Justification: renders package unusable
Severity: grave
Dear Maintainer,
executing
# lvcreate -l 100%FREE -n 00 bak00
hangs forever when SELinux is set to enforcing. Because the command
never returns it is unclear if the operation
Package: selinux-policy-default
Version: 2:2.20140421-9
Severity: grave
Justification: renders package unusable
Dear Maintainer,
after enabling SELinux it is not possible to use graphical login anymore.
Instead of the desktop the following message appears:
Oh no! Something has gone wrong.
A
Package: selinux-policy-default
Version: 2:2.20140421-9
Severity: normal
Dear Maintainer,
postfix does not start when SELinux is set to enforcing:
root@debian8gi:~# se_apt-get install postfix
[...]
root@debian8gi:~# run_init systemctl start postfix
Authenticating root.
Password:
Hello!
Thanks for reporting this.
The root cause of the problem is, that one .c file is autogenerated by
a script during the build process.
This file is not cleaned during the dh_clean phase.
My suggestion would be to add this file to debian/clean. This fixes the
problem for me.
$ cat
46 matches
Mail list logo