On Mon, Feb 05, 2018 at 08:20:54AM +0100, intrigeri wrote:
> intrigeri:
> > A) drop the child profiles (groff, filter), merge their rules into the
> >    main /usr/bin/man profile, and use ix instead of Cx; these rules
> >    are not particularly scary so this doesn't seem crazy an option
>
> I ha
Control: tag -1 + patch
intrigeri:
>> B) remove the AppArmor profile entirely and rely on seccomp instead
>> C) don't enable "no new privs" and rely on AppArmor instead
> I think B is fine given all the non-AppArmor hardening efforts Colin
> has been putting into man-db recently.
There we go: ht
Processing control commands:
> tag -1 + patch
Bug #889608 [man-db] man-db: man(1) dumps core (AppArmor involved)
Bug #889617 [man-db] man-db: all man pages fail to display with "command exited
with status 4"
Added tag(s) patch.
Added tag(s) patch.
--
889608: https://bugs.debian.org/cgi-bin/bugr
intrigeri:
> A) drop the child profiles (groff, filter), merge their rules into the
>    main /usr/bin/man profile, and use ix instead of Cx; these rules
>    are not particularly scary so this doesn't seem crazy an option
I had a closer look and what's scary is not the rules that can be
found in
Hi,
gregor herrmann:
> drop_effective_privs()
> ++priv_drop_count = 1
> man: command exited with status 4: /usr/lib/man-db/zsoelim |
> /usr/lib/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e
> UTF-8 | tbl
> | nroff -mandoc -rLL=146n -rLT=146n -Tutf8
> hashtable_free: 9 entries,
On Sun, 04 Feb 2018 23:32:38 +, Colin Watson wrote:
> On Sun, Feb 04, 2018 at 11:42:57PM +0100, gregor herrmann wrote:
> > Since the upgrade to 2.8.0-1, man(1) is not really cooperative:
> Does MAN_DISABLE_SECCOMP=1 help?
Yes, `MAN_DISABLE_SECCOMP=1 man man' just works.
> I may have made t
Processing control commands:
> severity -1 grave
Bug #889608 [man-db] man-db: man(1) dumps core (AppArmor involved)
Severity set to 'grave' from 'important'
--
889608: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889608
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems