Your message dated Sun, 15 Dec 2013 22:20:35 +0000 with message-id <[email protected]> and subject line Bug#712970: fixed in refpolicy 2:2.20131214-1 has caused the Debian Bug report #712970, regarding selinux-policy-default: selinux prevents udev to modify /etc/udev/rules.d to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 712970: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712970 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: selinux-policy-default Version: 2:2.20110726-12 Severity: important Dear Maintainer, after I have plugged in a new ethernet card, the selinux policy did not let udev make modifications to /etc/udev/rules.d/70-persistent-net.rules, which means that this ethernet card fails to get a consistent interface name when disconnecting and connecting it again. After I have used audit2allow to create the following module, udev is working as expected: module udev_rules 1.0; require { type udev_t; type udev_rules_t; class lnk_file create; class dir { write remove_name add_name }; class file append; } #============= udev_t ============== #!!!! The source type 'udev_t' can write to a 'dir' of the following types: # var_run_t, etc_runtime_t, udev_var_run_t, device_t, etc_t, tmpfs_t, udev_tbl_t, net_conf_t, root_t allow udev_t udev_rules_t:dir { write remove_name add_name }; allow udev_t udev_rules_t:file append; allow udev_t udev_rules_t:lnk_file create; -- System Information: Debian Release: 7.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages selinux-policy-default depends on: ii libpam-modules 1.1.3-7.1 ii libselinux1 2.1.9-5 ii libsepol1 2.1.4-3 ii policycoreutils 2.1.10-9 ii python 2.7.3-4 Versions of packages selinux-policy-default recommends: ii checkpolicy 2.1.8-2 pn setools <none> Versions of packages selinux-policy-default suggests: pn logcheck <none> pn syslog-summary <none> -- Configuration Files: /etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission denied: u'/etc/selinux/default/modules/active/file_contexts.local' -- no debconf information
--- End Message ---
--- Begin Message ---Source: refpolicy Source-Version: 2:2.20131214-1 We believe that the bug you reported is fixed in the latest version of refpolicy, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Laurent Bigonville <[email protected]> (supplier of updated refpolicy package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 15 Dec 2013 22:53:06 +0100 Source: refpolicy Binary: selinux-policy-default selinux-policy-mls selinux-policy-src selinux-policy-dev selinux-policy-doc Architecture: source all Version: 2:2.20131214-1 Distribution: unstable Urgency: low Maintainer: Debian SELinux maintainers <[email protected]> Changed-By: Laurent Bigonville <[email protected]> Description: selinux-policy-default - Strict and Targeted variants of the SELinux policy selinux-policy-dev - Headers from the SELinux reference policy for building modules selinux-policy-doc - Documentation for the SELinux reference policy selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy selinux-policy-src - Source of the SELinux reference policy for customization Closes: 552147 559356 691284 700326 700403 707243 711083 712970 716753 720631 722700 Changes: refpolicy (2:2.20131214-1) unstable; urgency=low . * Team upload. [ Laurent Bigonville ] * New GIT snapshot of the policy - Drop all the Debian specific patches, some of the patches have been merged upstream, but the rest was making it really difficult to upgrade the policy to the new upstream versions. - Add block_suspend access vectors (Closes: #722700) - libvirt should now run when compiled with selinux support (Closes: #559356) - Allow smartd daemon to write in /var/lib/smartmontools directory (Closes: #720631) - NetworkManager should now be able to write /run/network/ifstate (Closes: #711083) - Allow dovecot self:process setsched permission (Closes: #716753) - Add denyhosts policy package (Closes: #700403) - deny_ptrace boolean is now gone (Closes: #691284) - Allow fail2ban dac_read_search and dac_override capabilities (Closes: #700326) - irqbalance has now the getsched permission (Closes: #707243) * Refresh debian/modules.conf.* for new release, build all the policy packages as modules now * Drop debian/file_contexts.subs_dist, install upstream one instead * debian/rules: policy/rolemap file is gone * debian/control: Bump {build-}dependencies to the last userspace release * debian/rules: Disable UBAC for the default policy * debian/rules: Build the default policy with UNK_PERMS=allow * debian/control: Add dependency against selinux-utils for selinuxenabled * debian/NEWS: Add some information about the proper way to permanently disable a module * d/p/0004-init-startpar-initrc_t-gets-attributes-of-dev-dm-0-d.patch: Fix FTBFS and allow startpar can getattr of some devices * Add d/p/0005-add-missing-newline.patch: Add missing newline at the end of the file, this is causing weird behaviour, thanks M4 * d/p/0006-allow-udev-write-rulesd.patch: Allow udev to write in /etc/udev/rules.d (Closes: #712970) . [ Mika Pflüger ] * debian/postinst.policy: Rewrite the postinst script for the selinux-policy-* packages to automatically upgrade the running policy. (Closes: #552147) * debian/copyright: Update to machine-readable copyright format. * debian/postrm.policy: Use common postrm script for selinux-policy-* packages. Checksums-Sha1: e43bd81251d9c7e83b5d2decf3bdabd6f74c243e 2028 refpolicy_2.20131214-1.dsc 2bef75c1582562906f407a92c187f426bff58cbb 485350 refpolicy_2.20131214.orig.tar.bz2 b4a0533ff153764feb26c63fbf04607a1a2fe5d8 59842 refpolicy_2.20131214-1.debian.tar.gz c0fbb83d4bb9307f191c058a4211a0f738db2891 2885148 selinux-policy-default_2.20131214-1_all.deb 5913acd420f5becbc4558b464fb5170c7cf73d39 2935304 selinux-policy-mls_2.20131214-1_all.deb 27fd3b97b5964b1f422369f94881b65203a76b8a 1167640 selinux-policy-src_2.20131214-1_all.deb 0ba31d6ca998bc52d275f305e396083f98aa5b56 440436 selinux-policy-dev_2.20131214-1_all.deb a7a6d5d636848704d7a4118a16ca38bf91b7e415 398866 selinux-policy-doc_2.20131214-1_all.deb Checksums-Sha256: fd63c3b718d882256f58929959338966586ee2e1240b04bbaa40951fcbd760ef 2028 refpolicy_2.20131214-1.dsc 6f1c759c2599699e45630dc15542c481c4877818ce2ee0dfcae6d765e5669ff4 485350 refpolicy_2.20131214.orig.tar.bz2 71842f684e160735bbf76c12ab7e4bd760e8f34a4e2fc50ec85b735089f84b4c 59842 refpolicy_2.20131214-1.debian.tar.gz aede061f7f96463564a4266fd2d576852d9a75b317157a309c1c17659915341b 2885148 selinux-policy-default_2.20131214-1_all.deb 7671993e7e32562eec4dcf6310b77c37de4c45d2195a767dffbed31215c8ac05 2935304 selinux-policy-mls_2.20131214-1_all.deb b1696f5d3d842b4dd056531386c4ee752a0de4b331dfda703052adbc4648b026 1167640 selinux-policy-src_2.20131214-1_all.deb fcbf8c9035153cdbe7a70fc29ca04e14d1f8f68ab0097b3be0aea3023a356b20 440436 selinux-policy-dev_2.20131214-1_all.deb 6bfddcf99adc0f3a8f639814f0f0bb382e87641d3ad54e6529f727c2a9e502dc 398866 selinux-policy-doc_2.20131214-1_all.deb Files: 009fedb1b5b513c8123b2ba2088026b4 2028 admin optional refpolicy_2.20131214-1.dsc b66c7c9a265d91e16b9f134e076c5ec6 485350 admin optional refpolicy_2.20131214.orig.tar.bz2 6792723027c93c25a12f8bab2e746608 59842 admin optional refpolicy_2.20131214-1.debian.tar.gz 2275eb2d63b198c245a3353985e247ea 2885148 admin optional selinux-policy-default_2.20131214-1_all.deb d6e649027c6e3d95344a104ae1be1e50 2935304 admin extra selinux-policy-mls_2.20131214-1_all.deb ef3ac2ea73ff2d09f0126045ce0f4b6e 1167640 admin optional selinux-policy-src_2.20131214-1_all.deb d59dd550ae8cde1a99c786e63391c8c6 440436 admin optional selinux-policy-dev_2.20131214-1_all.deb 3c19766a4b2a78e2eb0a11911dcc4044 398866 doc optional selinux-policy-doc_2.20131214-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQEcBAEBCAAGBQJSrii4AAoJEB/FiR66sEPVh1kH/2PzUsu94edbBWhzac59dnHU eEXTa9FcPgBN0CGw7km2G6RYz+6nQ8XSknhJq4AIu3NrryNidGRvW6mOLcTLQhTy xLI7Z6Fbh0OzCw8UNlOs7KucgPbqhS4JLYvZKGzmOEp/06JfFJ1+l3QM2Y77Sfik ZsB5J8zsKt16bqfafF3qH+T67W6CX+lzQasMz1O3MK8PVNLrBKz2MHYwKdtJmwDG zNsLJU6gonEEdrDX1dUUXJPYad7riOpqmHjr3v45xMxTeak6Y2+aHRt2OxrtA3JO C6V9KiSubqJ+LK5kiovCJUUN9plRj1cOkutvS+YxjFfNtNlFil2y1Wpts9OFPH4= =aM4B -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ SELinux-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
