Bug#1054115: closed by Colin Watson (Re: Bug#1054115: broken on NFS)

2023-10-17 Thread Anton Ivanov 

On 17/10/2023 13:00, Debian Bug Tracking System wrote:

This is an automatic notification regarding your Bug report
which was filed against the man-db package:

#1054115: broken on NFS

It has been closed by Colin Watson .

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Colin Watson 
 by
replying to this email.



Apologies for reopening, you can close it again after that.

Actually, to be fair this is not just usr.bin.man.

As apparmor creep across more and more things it needs to become aware 
of network filesystems.


What Debian as a whole needs is an extra profile to load

network inet

network inet6

as defaults ONLY if /usr and/or root is on a network filesystem. That is 
an apparmor bug, not man bug.


Further to this. For documentation purposes: network inet and inet6 
needs to added both to the man and groff profiles.


Fixing man results in a similar failure invoking groff. It starts 
working only after both have been fixed.


--
Anton R. Ivanov
Cambridgegreys Limited. Registered in England. Company Number 10273661
https://www.cambridgegreys.com/

Bug#1054115: broken on NFS

2023-10-17 Thread Anton Ivanov 
Package: man-db
Version: 2.11.2-2
Severity: important

Can the genius who denied man internet access please
come forward and explain how it will now work on NFS-root
systems

[   79.257369] audit: type=1400 audit(1697531933.690:139): apparmor="DENIED" 
operation="sendmsg" profile="/usr/bin/man" pid=3921 comm="man" 
laddr=192.168.3.98 lport=676 faddr=192.168.3.3 fport=2049 family="inet" 
sock_type="stream" protocol=6 requested_mask="send" denied_mask="send"

Genius. Sheer, unadulterated, crystallized and purified.


-- System Information:
Debian Release: 12.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-22-amd64 (SMP w/12 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages man-db depends on:
ii  bsdextrautils  2.38.1-5+b1
ii  bsdmainutils   12.1.8
ii  debconf [debconf-2.0]  1.5.82
ii  groff-base 1.22.4-10
ii  libc6  2.36-9+deb12u2
ii  libgdbm6   1.23-3
ii  libpipeline1   1.5.7-1
ii  libseccomp22.5.4-1+b3
ii  zlib1g 1:1.2.13.dfsg-1

man-db recommends no packages.

Versions of packages man-db suggests:
ii  apparmor   3.0.8-3
ii  chromium [www-browser] 116.0.5845.180-1~deb12u1
ii  firefox-esr [www-browser]  102.15.1esr-1~deb12u1
pn  groff  
ii  less   590-2
ii  lynx [www-browser] 2.9.0dev.12-1
ii  w3m [www-browser]  0.5.3+git20230121-2

-- debconf information excluded