Your message dated Wed, 30 May 2018 17:11:31 +0200
with message-id <ae0cb183-e248-3b95-fef6-583bf035a...@debian.org>
and subject line Re: mcstrans: Running mcstrans triggers 849748 and is the most
serious SE Linux problem
has caused the Debian Bug report #849787,
regarding mcstrans: Running mcstrans triggers 849748 and is the most serious SE
Linux problem
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
849787: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849787
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mcstrans
Version: 2.6-2
Severity: critical
Tags: upstream
Justification: breaks unrelated software
While mcstrans has no problems for what it does, it triggers bad interactions
between systemd, dbus, and SE Linux. I don't think it is possible to properly
solve these issues before the sid is frozen. Therefore I think that mcstrans
should be removed from testing and not offered for installation in the next
stable release.
At this time this is the most serious problem we have with SE Linux in Debian.
As an aside by default Fedora doesn't run mcstrans. I don't know whether it's
for the same reason, but in any case Fedora users are surviving well enough
without it.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages mcstrans depends on:
ii init-system-helpers 1.46
ii libc6 2.24-8
ii libcap2 1:2.25-1
ii libpcre3 2:8.39-2
ii libselinux1 2.6-3
ii lsb-base 9.20161125
ii selinux-utils 2.6-3
mcstrans recommends no packages.
mcstrans suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
On Sat, 31 Dec 2016 12:52:44 +1100 Russell Coker <russ...@coker.com.au>
wrote:
>
> While mcstrans has no problems for what it does, it triggers bad
interactions
> between systemd, dbus, and SE Linux. I don't think it is possible to
properly
> solve these issues before the sid is frozen. Therefore I think that
mcstrans
> should be removed from testing and not offered for installation in
the next
> stable release.
>
> At this time this is the most serious problem we have with SE Linux
in Debian.
>
> As an aside by default Fedora doesn't run mcstrans. I don't know
whether it's
> for the same reason, but in any case Fedora users are surviving well
enough
> without it.
IMVHO that bug can be closed.
dbus-daemon still uses the non raw functions with the old API but the
new API should do the right thing.
IIRC the main issue was with systemd I believe and systemd uses the new
D-Bus API so everything should work.
If other applications are failing for the same reason, they should
probably switch to the "raw" variant of the get*con functions
Russell, do you think you could have a try again? If it's working you
should maybe remove the Conflits from refpolicy as well?
Kind regards,
Laurent Bigonville
--- End Message ---
_______________________________________________
SELinux-devel mailing list
SELinux-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/selinux-devel
