reassign 893697 python3-networkx 1.11-2
severity 893697 serious
tags 893697 + sid buster
thanks
Le 21/03/18 à 11:10, Christian Göttsche a écrit :
Package: setools
Version: 4.1.1-3
Severity: Important
sesearch needs the python module lib2to3 or it fails:
Traceback (most recent call last):
Hello Russell,
Is it expected that the 2.20171228-1 upload doesn't seems to contain the
changes of the 2.20161023.1-10 one?
Do you think it's possible to update the git repository with the last
changes? It's a bit difficult to follow the changes that are happening
(and also to be able to
Le 27/10/17 à 14:40, Laurent Bigonville a écrit :
Le 26/10/17 à 19:17, intrigeri a écrit :
intrigeri:
I'm attaching the equivalent for AppArmor.
Here's a cleaned up v2 (my initial patch had leftovers from a previous
version that included the output of aa-enabled; now that I've stopped
doing
).
This is a bit less elegant, but it seems to do the job and it has the
advantage of not requiring python-selinux.
I guess it's up to the maintainer to choose here.
>From 4bf22d8b52dcebc078281fd200680d95b08b926d Mon Sep 17 00:00:00 2001
From: Laurent Bigonville <bi...@debian.org>
Date: Sat, 7 Oct 2
Le 07/10/17 à 17:03, Laurent Bigonville a écrit :
On Fri, 22 Sep 2017 12:26:42 +0200 Laurent Bigonville
<bi...@debian.org> wrote:
[...]
3. If you don't want to shell out, you could use the python selinux
module to retrieve and display the informations (see my little
example at
On Fri, 22 Sep 2017 12:26:42 +0200 Laurent Bigonville <bi...@debian.org>
wrote:
On Sun, 03 Sep 2017 13:26:57 +0200 intrigeri <intrig...@debian.org> wrote:
> > As I am un-knowledgeable on this matter, can you list all the LSMs and
> > the way to identify any of them is ru
refpolicy specific identifiers.
I'm thinking about uploading my patch in unstable in the following days
and then in stable
Cheers,
Laurent Bigonville
diff -u cron-3.0pl1/user.c cron-3.0pl1/user.c
--- cron-3.0pl1/user.c
+++ cron-3.0pl1/user.c
@@ -47,22 +47,31 @@
char *level = NULL;
On Tue, 12 Sep 2017 10:05:33 +0200 Helmut Grohne wrote:
> Source: libsemanage
> Version: 2.7-1
> Tags: patch
> User: helm...@debian.org
> Usertags: rebootstrap
>
> libsemanage Build-Depends on libcunit1-dev. The dependency is only used
> for the test suite and can be skipped
started by
dbus/systemd user session.
In /etc/selinux/default/contexts/users/unconfined_u, could you please
add the following line and try again?
system_r:init_t:s0 unconfined_r:unconfined_t:s0
Regards,
Laurent Bigonville
___
SE
Le 11/04/17 à 16:53, Christian Göttsche a écrit :
I am using the boot flag *checkreqprot=0* without any complications or
policy changes.
@Laurent
if you are willing, one could alter the selinux-activate script to set
the boot flag
I think it's too late now to do that (and I don't know all the
Le 08/03/17 à 05:14, Russell Coker a écrit :
There have been some recent binary NMUs for Stretch to support PIE on i386.
One very important one is gzip. PIE on i386 needs execmod access and given
the number of domains calling gzip and other programs that means allow_execmod
is almost mandatory
Le 07/01/17 à 07:21, Russell Coker a écrit :
On Friday, 6 January 2017 2:09:13 PM AEDT Laurent Bigonville wrote:
I just retested myself and it's working with the kernel from unstable
(apparently you need >= 4.2) and the following line:
genfscon sysfs /devices/system/cpu/online
gen_cont
On Fri, 06 Jan 2017 23:54:37 +1100 Russell Coker
wrote:
> This can't be fixed in policy. Policycoreutils should have an init
script or
> systemd tmpfiles config file to set it.
I just retested myself and it's working with the kernel from unstable
(apparently you need
Le 01/01/17 à 21:47, cgzones a écrit :
I rioted in the debian/rules file and got the build reproducible for me:
https://github.com/cgzones/debian-package-refpolicy/commit/8de642c8d1ddd10c09a1d1521eeb4e0a1da6bfff
I think the only reproducible error was the missing --sort=name option
to the tar
Hi Russell,
Le 27/12/16 à 13:20, Russell Coker a écrit :
The lxc_contents file is in selinux-policy-default and a quick check indicates
that the policy might be ok.
What do we have to do to test it? I can provide root on a test system to
anyone who wants to help test this.
The initial
Le 15/12/16 à 14:13, cgzones a écrit :
Hi,
When working on SELinux login settings, it seems that semanage is not
aware of already existing entries.
Could you please try with libsepol1 2.6-2. I think this is a duplicate
of #846484
Regards,
Laurent Bigonville
On Mon, 3 Mar 2014 14:38:41 -0500 Zack Weinberg <za...@panix.com> wrote:
> On Mon, Mar 3, 2014 at 12:24 PM, Laurent Bigonville
<bi...@debian.org> wrote:
Hi,
[...]
> > I'm not sure this is a bug.
>
> Well, I would ask that you consider two changes
months.
Is this OK for you?
Regards,
Laurent Bigonville
On Fri, 26 Aug 2016 13:41:35 +0200 Christian Seiler <christ...@iwakd.de>
wrote:
> Dear Maintainer,
>
> please provide libselinux1-udeb for use in a d-i environment, since
> libmount depends on libselinux, and open-iscs
severity 829617 wishlist
tag 829617 + jessie
thanks
Le 04/07/16 à 20:37, Klaus Ethgen a écrit :
selinux-policy-default is not available for stable (jessie) than only
for old-stable and testing (and unstable).
Yes the policy was considered too buggy when stable has been released
and thus has
Can you please try the patch that has been attached to the bug and tell
me if it's fixing your issue?
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823184#44
Le 13/05/16 à 17:49, Laurent Bigonville a écrit :
Le 13/05/16 à 17:16, Yuri D'Elia a écrit :
On Fri, May 13 2016, Laurent
Le 13/05/16 à 17:16, Yuri D'Elia a écrit :
On Fri, May 13 2016, Laurent Bigonville<bi...@debian.org> wrote:
Again this is supposed to happen at early boot, and at this stage, only
PID1 exists. So I doubt there is a lot of concurrent processes at that time.
But this is not c
re installed and add the
necessary dependencies? Also should this dependency be against
librubyX.X or against the ruby interpreter itself?
I'm thinking about reassigning this to gem2deb pkg.
Cheers,
Laurent Bigonville
___
SELinux-devel mailing
On Mon, 02 May 2016 20:51:55 -0700 Jonathan Yu wrote:
>
> Dear Maintainer,
Hello,
>
> Thank you for your work bringing SELinux to Debian!
>
> I regret that my knowledge of both SELinux and systemd is limited, so
I do not
> know what diagnostics to collect or how to collect
Le 01/05/16 à 21:01, Yuri D'Elia a écrit :
On Sun, May 01 2016, Laurent Bigonville <bi...@debian.org> wrote:
It's only doing this if /proc is not mounted, something that should
happen at early boot.
libselinux needs to determine the status of selinux on the machine. This is
done by r
Le 01/05/16 à 14:00, Yuri D'Elia a écrit :
I'm_not_ happy with the solution here.
This will*still* cause regular userland utilities, such as ls on
Debian, to mount /proc when you least expect it to.
libselinux must just bail gracefully if /proc is not mounted.
It's only doing this if /proc
/root/tmpfiles.d.
> The symlink in question was created in 2012 and I don't know why I
created it
> or if it was created by a script.
>
> A grep of the source code didn't show a reason for this access, there
is no
> match for the string tmpfiles.d in the policycoreutils sou
;
> The error return should happen in cases B, C, and D if it concerns
the warning
> about /etc/mtab.
>
> If the error return doesn't concern the displayed warning about
/etc/mtab then
> it should have an error message telling the user what went wrong.
>
Can you still repr
ot
counting as being on a filesystem of type 'btrfs', according to find
which is called by this script.
I know this is an old bug, but are you still able to reproduce it?
I see that there are some changes related to this to fixfiles script,
but I cannot verify as I'm not using btrfs myself.
Chee
Le 29/02/16 03:46, Russell Coker a écrit :
On Mon, 29 Feb 2016 02:47:04 AM Laurent Bigonville wrote:
Le 28/02/16 11:05, Russell Coker a écrit :
the easiest would be to do like fedora and install the modules directly
in the /var/lib/selinux//100 store instead of copying/loading
them
Le 28/02/16 11:05, Russell Coker a écrit :
the easiest would be to do like fedora and install the modules directly in
the /var/lib/selinux//100 store instead of copying/loading them at
installation time
Do you mean having files in the package under /var/lib? If so that seems like
a FHS
tag 813604 + fixed-upstream
thanks
Hi,
IIRC this has been fixed upstream already and will be part of the 2.5
release
Cheers,
Laurent Bigonville
___
SELinux-devel mailing list
SELinux-devel@lists.alioth.debian.org
http://lists.alioth.debian.org
Le 28/12/15 09:55, Willi Mann a écrit :
Hi,
Am 2015-12-28 um 01:28 schrieb Laurent Bigonville:
On Sun, 22 Jun 2014 21:14:55 +0200 Willi Mann <wi...@wm1.at> wrote:
Hi,
I think the script /etc/logwatch/scripts/services/seaudit-report-service
should be shipped in /usr/share/logwatch/s
-devel%40lists.alioth.debian.org
If you are opening a bug related to SELinux integration in Debian, could
you please tag this bug. You can add the following pseudo-headers when
sending the bugreport:
User: selinux-devel@lists.alioth.debian.org
Usertags: selinux
Thanks,
Laurent Bigonville
Le 12/12/15 12:36, Oliver Kirst a écrit :
Hi Laurent,
thanks for your answer. I will try to use the policy from source/upstream
directly.
However, I thought that Debian is widely used on servers. Is there no one
really complaining about missing SELinux support in Jessie?
Kernel and
it (it uses python) or if we are doing the migration
manually.
The maintainer script should also be updated to use the new location to
install the modules after the initial migration. Should we use semodule
again? We should also install these modules with the correct priority.
Cheers,
Laurent Bigonville
Source: refpolicy
Version: 2:2.20140421-9
Severity: serious
Hi,
With policycoreutils 2.4, the package has been split in multiple
sub-packages.
We need to check if the needed executables are still present and adjust
the dependencies accordingly.
Cheers,
Laurent Bigonville
-- System
is
disable and will not bother trying to do anything with it
Cheers,
Laurent Bigonville
___
SELinux-devel mailing list
SELinux-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
t;
>
> Please modify your package to use the system-wide module provided by
> the python-ply package.
I just double checked, and it seems that the embedded version is
slightly modified. The changes doesn't seems that bit so we could try to
m
is working on debian)
- mcstrans
- restorecond
- ...
What are people thinking about this?
Cheers,
Laurent Bigonville
___
SELinux-devel mailing list
SELinux-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
Le 14/09/15 17:26, Russell Coker a écrit :
On Tue, 15 Sep 2015 12:49:15 AM Laurent Bigonville wrote:
Package: selinux-basics
Followup-For: Bug #796693
I'm planning to kill the selinux-basics LSB initscript entirely and
remove all functionalities from the selinux-basic package. I'm planning
Regis Boudin wrote:
Hi Laurent,
Hello Regis,
On 18/06/14 18:27, Laurent Bigonville wrote:
Package: cdebconf
Version: 0.191
Severity: wishlist
Hi,
Since 1.17.0, dpkg is trying to run the maintainer scripts in a
different context based on the file context and fallback
Le Sat, 05 Jul 2014 20:11:44 +1000,
Russell Coker russ...@coker.com.au a écrit :
On Sat, 5 Jul 2014 11:03:32 Laurent Bigonville wrote:
Quickly looking a the libsepol case, I'm not sure why we are
re-executing init in this case at all. sysvinit doesn't seems to use
any of its symbols
system?
And then are you seeing any AVC denials related to this?
To be honest I'm puzzled by this bug.
Cheers,
Laurent Bigonville
___
SELinux-devel mailing list
SELinux-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman
Le Mon, 12 May 2014 01:58:21 +0300,
Victor Porton por...@narod.ru a écrit :
12.05.2014, 01:50, Laurent Bigonville bi...@debian.org:
Le Mon, 12 May 2014 00:22:59 +0300,
Victor Porton por...@narod.ru a écrit :
I also added (untested) code to automatically reload the policy
(maybe upstream meant -L?)
Are you planning to send your patches to upstream (the one to add the
DESTDIR variable), it is always nice to have the less patches possible
in the debian package.
Cheers!
Laurent Bigonville
___
SELinux-devel mailing list
is
blocking everything, I don't think this is a bug but a design feature.
Cheers,
Laurent Bigonville
___
SELinux-devel mailing list
SELinux-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
tag 682068 + patch
thanks
Le Wed, 30 Apr 2014 15:46:45 +0200,
Holger Levsen hol...@layer-acht.org a écrit :
Hi,
On Mittwoch, 30. April 2014, Laurent Bigonville wrote:
I'll try to cook something. But if you really want to remove the
support, wouldn't it be better to unconditionally switch
This is the first time I'm drafting a policy change, so comments
welcome :)
Cheers,
Laurent Bigonville
___
SELinux-devel mailing list
SELinux-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
Le Thu, 1 May 2014 18:02:20 +0200,
Laurent Bigonville bi...@debian.org a écrit :
[...]
A maintainer script can for example call the restorecon(8)
executable to achieve this:
[ -x /sbin/restorecon ] /sbin/restorecon $myfile
I guess the output of restorecon should be redirected to /dev
Le Thu, 1 May 2014 17:57:02 +0200,
Holger Levsen hol...@layer-acht.org a écrit :
Hi Laurent,
On Donnerstag, 1. Mai 2014, Laurent Bigonville wrote:
I've attached a patch that is implementing the change.
great!
If /selinux is
present, the selinuxfs will be mounted
From: Laurent Bigonville bi...@bigon.be
We need to mount the selinuxfs read-only inside the chroot to make the
userspace think that selinux is disabled. This is required, otherwise
dpkg will fail as no policy is installed in the chroot.
We are also moving the mountpoint of the selinuxfs from
Le Thu, 1 May 2014 09:55:09 -0700,
Jonathan Nieder jrnie...@gmail.com a écrit :
Hi,
Hello,
Laurent Bigonville wrote:
A maintainer script can for example call the restorecon(8)
executable to achieve this:
[ -x /sbin/restorecon ] /sbin/restorecon $myfile
Should I do
{ ioctl read getattr lock search open } ;
But we should indeed considere adding something more generic
Cheers,
Laurent Bigonville
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign
-certificates.crt file is initally created in /tmp and thus is
labeled as '*_tmp_t', when the file is moved this label is preserved.
This could cause issues if a confined application wants to access it.
Cheers,
Laurent Bigonville
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
is not setting the context before calling
sendmail as by default it will transition to system_mail_t anyway.
Cheers,
Laurent Bigonville
[0]http://pkgs.fedoraproject.org/cgit/at.git/tree/at-3.1.14-selinux.patch
only in patch2:
unchanged:
--- at-3.1.14.orig/Makefile.in
+++ at-3.1.14/Makefile.in
@@ -40,6
Le Mon, 03 Mar 2014 12:11:56 -0500,
Zack Weinberg za...@panix.com a écrit :
On 2014-03-02 8:14 PM, Laurent Bigonville wrote:
Le Sun, 02 Mar 2014 17:09:39 -0500,
Zack Weinberg za...@panix.com a écrit :
Enabling or disabling any SELinux module with `semodule -e` / `-d`
takes
.
Thanks!
Laurent Bigonville
___
SELinux-devel mailing list
SELinux-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
Le Tue, 14 Jan 2014 03:08:47 +1100,
Russell Coker russ...@coker.com.au a écrit :
On Mon, 13 Jan 2014 16:19:22 Laurent Bigonville wrote:
[...]
True. But seeing a list of 400+ modules isn't helpful either. Also
the module names aren't that informative, *I* had to read the source
of some
-only is a bit more urgent
than moving the mountpoint.
Cheers,
Laurent Bigonville
[0] http://comments.gmane.org/gmane.comp.security.selinux/15349
[1] http://permalink.gmane.org/gmane.comp.security.selinux/15870
___
SELinux-devel mailing list
SELinux-devel
how this should be done? I've
opened [0] is somebody is interested.
Cheers,
Laurent Bigonville
[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732845
___
SELinux-devel mailing list
SELinux-devel@lists.alioth.debian.org
http
transitioned
out of the dpkg_t context.
The maintainer scripts run by dpkg-reconfigure should also transition to
the appropriate context.
Unfortunately there is no perl binding for selinux, I guess that the
tools from selinux-utils could be used instead.
Cheers
Laurent Bigonville
-- System Information
that the policy already has support for the
dpkg_script_t execution context, or did you had something specific in
mind?
Cheers,
Laurent Bigonville
For the record the discussion with selinux upstream is here:
https://lists.debian.org/debian-dpkg/2012/11/msg4.html
? It is quite difficult to track different problems in
one bug.
Cheers
Laurent Bigonville
___
SELinux-devel mailing list
SELinux-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
Source: rpm
Version: 4.11.1-3
Severity: wishlist
Tags: patch
Hi,
Is there any reasons, the selinux support in rpm package has been
disabled?
If no, could you please reenable it?
Cheers
Laurent Bigonville
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy
if this filesystem is mounted and not
use the selinuxenabled command to see if selinux is enabled. It might
be possible that this package is not installed on the system even if
selinux is enabled (that's probably not the case on standard setup, but
it might happen).
Cheers
Laurent Bigonville
See
Le Fri, 17 May 2013 09:06:31 +0200,
Hannes von Haugwitz han...@vonhaugwitz.com a écrit :
Hi,
Hello,
On Thu, May 16, 2013 at 11:09:11PM +0200, Laurent Bigonville wrote:
Hannes von Haugwitz wrote:
[...]
I'll fix this in the libselinux package soon. It also probably
needs
. It also probably
needs Requires.private: libpcre too.
Cheers
Laurent Bigonville
___
SELinux-devel mailing list
SELinux-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
67 matches
Mail list logo