Your message dated Fri, 20 Sep 2013 17:48:37 +0000 with message-id <[email protected]> and subject line Bug#707658: fixed in refpolicy 2:2.20110726-13 has caused the Debian Bug report #707658, regarding selinux-policy-default: dhclient fails to bind generic udp ports to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 707658: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707658 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: selinux-policy-default Version: 2:2.20110726-12 Severity: important Tags: patch Hi, with a standard > allow-hotplug eth0 > iface eth0 inet dhcp directive in /etc/network/interfaces, a system with selinux enabled in enforcing mode fails to configure eth0 via dhcp because the dhclient is denied to bind to a generic udp port (from dmesg, auditd is not yet running at this point): type=1400 audit(1368139483.940:3): avc: denied { name_bind } for pid=1646 comm="dhclient" src=15087 scontext=system_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket Looking in the fedora policy, I found that they simply allow dhcpc_t to bind to all udp ports since 2010, so I figured we should, too. However, this change is not found in upstream refpolicy and might actually grant excessive permissions. So if someone knows which ports are needed exactly, we could maybe do better. For now I pushed a change with the full permissions to alioth git. Cheers, Mika
--- End Message ---
--- Begin Message ---Source: refpolicy Source-Version: 2:2.20110726-13 We believe that the bug you reported is fixed in the latest version of refpolicy, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Laurent Bigonville <[email protected]> (supplier of updated refpolicy package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 20 Sep 2013 19:18:57 +0200 Source: refpolicy Binary: selinux-policy-default selinux-policy-mls selinux-policy-src selinux-policy-dev selinux-policy-doc Architecture: source all Version: 2:2.20110726-13 Distribution: unstable Urgency: low Maintainer: Debian SELinux maintainers <[email protected]> Changed-By: Laurent Bigonville <[email protected]> Description: selinux-policy-default - Strict and Targeted variants of the SELinux policy selinux-policy-dev - Headers from the SELinux reference policy for building modules selinux-policy-doc - Documentation for the SELinux reference policy selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy selinux-policy-src - Source of the SELinux reference policy for customization Closes: 707658 Changes: refpolicy (2:2.20110726-13) unstable; urgency=low . * Team upload. [ Mika Pflüger ] * Allow dhcpc_t to bind to all udp ports (Closes: #707658). . [ Laurent Bigonville ] * Rework the build system * Compress modules files with bzip2 * debian/control: - Bump Standards-Version to 3.9.4 (no further changes) - Drop really old Conflicts - Add a Breaks against selinux-basics (<< 0.5.2~) so we are sure it supports .bz2 compressed modules * debian/source/lintian-overrides: Add an override for maintainer-script-lacks-debhelper-token Checksums-Sha1: 3d694b64f9d4d53256131276cf6b244482e43e33 2036 refpolicy_2.20110726-13.dsc f3c6000d85de49b13d5f6d8618fadb7540cb6528 188869 refpolicy_2.20110726-13.debian.tar.gz 8300951e11aecac6431d01222290e5ba672d4082 2175840 selinux-policy-default_2.20110726-13_all.deb b5e982febe6489a474844e788c9c351656185bc2 2222028 selinux-policy-mls_2.20110726-13_all.deb f74ae10eacb6c7a24246459ce1aa510df49b0d08 1060464 selinux-policy-src_2.20110726-13_all.deb 4a6cf718d85d64c9bc2c6f097f1e5786d9ec47d4 384206 selinux-policy-dev_2.20110726-13_all.deb c3ab406aca26e1c9fe1fa4d52a570827cec34fdb 348330 selinux-policy-doc_2.20110726-13_all.deb Checksums-Sha256: 7902ea04b25de7656f2929f7a4903c75806af3d8a7f79eb184771b4c2fda71b1 2036 refpolicy_2.20110726-13.dsc 2047d3afb1d0275717b92ce64c261de0ece8dc4ab948093af16b9446a9029fb1 188869 refpolicy_2.20110726-13.debian.tar.gz fe24b42ee49be1d862fc9fb3549d15bc603f255cfe1e60b4baf2850c925f7a32 2175840 selinux-policy-default_2.20110726-13_all.deb 79458a6ba0b0b0318615cbd2572a1eb434d98913bad1ff074946fa772386f075 2222028 selinux-policy-mls_2.20110726-13_all.deb 8ffc468423714dc2903c45fc32f13357496876727b70a9991f90c27540c0cf0b 1060464 selinux-policy-src_2.20110726-13_all.deb 2c2dfe344c0be00dd9cc40c57699f3c53684def4c517754288e2a774f8555289 384206 selinux-policy-dev_2.20110726-13_all.deb 58b33bcaf26e10f99a263f40634c1439847271bfaf2ae6a96efe0734b6b571b0 348330 selinux-policy-doc_2.20110726-13_all.deb Files: 24f00a2d3293141c3b420d646ca205af 2036 admin optional refpolicy_2.20110726-13.dsc de7ec7b3ec112722cd2a48b829bef2eb 188869 admin optional refpolicy_2.20110726-13.debian.tar.gz 8625be37d891b11b6759d6b52a3c1160 2175840 admin optional selinux-policy-default_2.20110726-13_all.deb 8c227852b9895ae626a13d18e926fdb7 2222028 admin extra selinux-policy-mls_2.20110726-13_all.deb ca1e510d1c5fdea7c0ce3a665a0854d7 1060464 admin optional selinux-policy-src_2.20110726-13_all.deb e54401cf47085ed1e1824acbf2f5b96b 384206 admin optional selinux-policy-dev_2.20110726-13_all.deb 4061bd033bff471ba72e4a0b487f2b7f 348330 doc optional selinux-policy-doc_2.20110726-13_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQEcBAEBCAAGBQJSPIa9AAoJEB/FiR66sEPVxyUH/i3aevRTnbvMZkv7kXM0W7uM M/+4I8KQdRQGHIyfF+M72rnB9cVenV6r7GaV4mEDRocSi6if/g43XvAZ0kl5xH9z DPjwNU665efAyVUTlWEMxHbPr/7OfZKVAMJezf842jDswUmzUzMcnqZnMp4+C1XZ QHGFbRCqzxMtophlRnDiqB9czpo+5dz/Cja0Ie7/r0HZQT/PMo9qqoYs8e+P7+mK B32nGFCljJu8+oiWMY2QCQxHKcY9A9vrfWhTMb11QdfpV4qmoQZI3xKh+/Es/jTW UuZSSVrzAbNQjwKYO2EG7h+XskjbIn2CIzx25T/wmxjdYNU29NkcTxQT0pCP7js= =/AJS -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ SELinux-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
