Your message dated Fri, 07 May 2021 16:48:26 +0000
with message-id <[email protected]>
and subject line Bug#988100: fixed in mmdebstrap 0.7.5-2.2
has caused the Debian Bug report #988100,
regarding mmdebstrap: squashfs image lack security capabilities (e.g. for
/bin/ping)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
988100: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988100
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mmdebstrap
Version: 0.7.5-2
Severity: important
Hi,
/bin/ping (from iputils-ping) uses the security capabilities to allow
users to use the program:
```
$ getcap /bin/ping
/bin/ping cap_net_raw=ep
```
When generating a squashfs images with mmdebstrap, these security
capabilities are lost. Example for a minimal chroot on Debian unstable:
```
$ apt install -y bdebstrap mmdebstrap squashfs-tools-ng
$ mkdir -p ~/.ssh
$ touch ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
$ bdebstrap -c /usr/share/doc/bdebstrap/examples/Debian-buster-live.yaml
--packages iputils-ping -n example2
[...]
W: tar2sqfs does not support extended attributes
[...]
$ rdsquashfs -x /bin/ping example2/root.squashfs
$
```
Adding `push @taropts, '--xattrs';` after the tar2sqfs warning line 5355
will produce a squashfs image that contains the security capabilities:
```
$ rdsquashfs -x /bin/ping example2/root.squashfs
security.capability=0x0100000200200000000000000000000000000000
```
This test was done on Debian unstable and Debian bullseye with
mmdebstrap 0.7.5-2 and squashfs-tools-ng 1.0.4-1.
--
Benjamin Drung
Senior DevOps Engineer and Debian & Ubuntu Developer
Compute Platform Operations
1&1 IONOS SE | Greifswalder Str. 207 | 10405 Berlin | Deutschland
E-Mail: [email protected] | Web: www.ionos.de
Hauptsitz Montabaur, Amtsgericht Montabaur, HRB 24498
Vorstand: Hüseyin Dogan, Dr. Martin Endreß, Claudia Frese, Henning
Kettler, Arthur Mai, Matthias Steinberg, Achim Weiß
Aufsichtsratsvorsitzender: Markus Kadelke
Member of United Internet
--- End Message ---
--- Begin Message ---
Source: mmdebstrap
Source-Version: 0.7.5-2.2
Done: Benjamin Drung <[email protected]>
We believe that the bug you reported is fixed in the latest version of
mmdebstrap, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Benjamin Drung <[email protected]> (supplier of updated mmdebstrap
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 07 May 2021 17:30:39 +0200
Source: mmdebstrap
Architecture: source
Version: 0.7.5-2.2
Distribution: unstable
Urgency: medium
Maintainer: Johannes 'josch' Schauer <[email protected]>
Changed-By: Benjamin Drung <[email protected]>
Closes: 988100
Changes:
mmdebstrap (0.7.5-2.2) unstable; urgency=medium
.
* Non-maintainer upload.
* Do not pass unsupported system attributes to tar2sqfs (Closes: #988100)
Checksums-Sha1:
2805df8d5d7490982f70f621ff9d9c28982385f2 2197 mmdebstrap_0.7.5-2.2.dsc
a2ba3d0d17949996b0228f2dd30022bce1a35def 11568
mmdebstrap_0.7.5-2.2.debian.tar.xz
75e9c0113eb67f8724259e7519397d9b713dc575 7370
mmdebstrap_0.7.5-2.2_source.buildinfo
Checksums-Sha256:
231ab505fac675acda098a5b328fee0b939be5d5881d7713b8ec759ee9833543 2197
mmdebstrap_0.7.5-2.2.dsc
d424901dabd2b84833756c24eae07215d8232e8f2eaac6261ffbb92b0b5256b5 11568
mmdebstrap_0.7.5-2.2.debian.tar.xz
ff70ed2af65ec6b902e8427f742a0de3f3add5c1fceb34fa4d17188a925db76f 7370
mmdebstrap_0.7.5-2.2_source.buildinfo
Files:
b5936b64dd200f7b9bd55d32c6b77822 2197 admin optional mmdebstrap_0.7.5-2.2.dsc
2933e4cf78d57ebd436f39a5a93130c1 11568 admin optional
mmdebstrap_0.7.5-2.2.debian.tar.xz
3da85aaebb1a93bbf31e2616a97bf6fb 7370 admin optional
mmdebstrap_0.7.5-2.2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE5/q3CzlQJ15towl13YzVpd6MfnoFAmCVadoACgkQ3YzVpd6M
fnockhAAkIr52ERW+hd06+ELoUIT1RrRhCyl3O108NCvC206YCk2Tghjexwrx2bM
32oO8BoBVp+flH6159qYNBpFK/ZlTnGchGMpFwQeEoEkINpZKamz0Ubd9gzkm0Ez
y180C09qILnaO0kGditl25UtJsLnVUjndEWKg8tRUGn4bt/s4xV3++WqmljlM5ZK
iAqjWonD7O/fTBWF/+WJ2Vajp2qTYzuLu8Xg7aVha+n8B/Kfd1eANb/aSjysaMm8
BB5uheHhuZidxKmXENxgTZ7GnJJaSgi6oUaB6qEH4RSMrGM9M65eeu8P9rsL+nYx
GWDQD4EWy0kbo/NVKHRPPYvD+3ES9n3FOuKgn9s6WN1YQYEfitDAONcGXnHEUHmr
cyblz7yu3rotWbm1uthVI89zuZLY9PIMU659FDd2AY8IcsGMwFKa2girQtAzl2LZ
Pul7VBTpX5ykBr9R3F2epojK/WfMfY591m8rW6ix1SCVQ1i1Zt4Y6H6Q0dpH6y1+
uCEaKp517FKCyuBa1dbhvDogqssOD3ypDfjI59SWsr1OvWPoy5An5+KggzRfnKjS
yK5Fz+2jkXLg+1L/ZF2lzKO771m2lb2qIjavIVIc8ZH5cFCuzbE3gfHFfdFyDi+b
ZF/UP0DQdKeZSZUIKzC7ysRnC0X2zVSqsRabYhr4dV04DVMXDzQ=
=2ktL
-----END PGP SIGNATURE-----
--- End Message ---
