Your message dated Wed, 04 Jan 2023 22:27:36 +0000 with message-id <[email protected]> and subject line Bug#934474: fixed in libvirt 8.10.0-3 has caused the Debian Bug report #934474, regarding libnss-libvirt: fails to work with apt when seccomp is enabled to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 934474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934474 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: libnss-libvirt Version: 5.2.0-2 Severity: normal Dear Maintainer, when: - libnss-libvirt (5.0.0-4 or 5.2.0-2) is active in /etc/nsswitch.conf (libvirt or libvirt_guest) - being on x86-64 (not sure about other platforms, but may be relevant) - apt has seccomp enabled (APT::Sandbox::Seccomp "true";) apt fails when trying to contact hosts (see log below), because syscall 217 (getdents64) can't be executed. /etc/apt/apt.conf.d/90libnss-libvirt specifies that getdents is allowed: // the nss module (once enabled) will make apt call getdents (LP: #1732030) apt::sandbox::seccomp::allow { "getdents" }; Changing getdents to getdents64 makes it work, but I suppose some systems may use getdents while others may use getdents64. It would probably be best to allow only the one that is required on that architecture, but allowing both is probably not too bad: apt::sandbox::seccomp::allow { "getdents", "getdents64" }; Cheers, Thomas Luzat apt-get source libnss-libvirt Reading package lists... Done Picking 'libvirt' as source package instead of 'libnss-libvirt' NOTICE: 'libvirt' packaging is maintained in the 'Git' version control system at: https://salsa.debian.org/libvirt-team/libvirt.git Please use: git clone https://salsa.debian.org/libvirt-team/libvirt.git to retrieve the latest (possibly unreleased) updates to the package. Need to get 15.1 MB of source archives. 0% [Working] **** Seccomp prevented execution of syscall 0000000217 on architecture amd64 **** E: Method http has died unexpectedly! E: Sub-process http returned an error code (31) E: Failed to fetch some archives. -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (501, 'unstable'), (500, 'unstable-debug'), (500, 'testing-debug'), (400, 'testing'), (101, 'experimental'), (1, 'experimental-debug') Architecture: amd64 (x86_64) Kernel: Linux 5.2.8-wopr (SMP w/8 CPU cores; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages libnss-libvirt depends on: ii libc6 2.28-10 ii libgcc1 1:9.1.0-10 ii libvirt0 5.2.0-2 ii libyajl2 2.1.0-3 libnss-libvirt recommends no packages. libnss-libvirt suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: libvirt Source-Version: 8.10.0-3 Done: Andrea Bolognani <[email protected]> We believe that the bug you reported is fixed in the latest version of libvirt, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andrea Bolognani <[email protected]> (supplier of updated libvirt package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 04 Jan 2023 22:09:31 +0100 Source: libvirt Architecture: source Version: 8.10.0-3 Distribution: unstable Urgency: medium Maintainer: Debian Libvirt Maintainers <[email protected]> Changed-By: Andrea Bolognani <[email protected]> Closes: 934474 1021956 1025578 Changes: libvirt (8.10.0-3) unstable; urgency=medium . [ Michael Biebl ] * [4d6db56] Replace manual maintscript code with dh_installsystemd - No longer needed now that #994204 has been addressed - Closes: #1021956 * [91d9ac0] Drop no longer supported static priorities from dh_installinit . [ Smits Katze ] * [60b2ca1] libnss-libvirt: Update apt seccomp filter - Allow getdents64() in addition to getdents() - Thanks to Thomas Luzat - Closes: #934474 . [ Andrea Bolognani ] * [b9b2923] libvirt-daemon-system: Depend on polkitd instead of policykit-1 - Makes it possible to not install / uninstall pkexec - Closes: #1025578 * [c62b8b2] libvirt-daemon-system: Drop polkit rules in legacy pkla format - Makes it possible to not install / uninstall polkitd-pkla * [8c5870d] control: Bump Standards-Version to 4.6.2 - No changes needed Checksums-Sha1: 51aaef216eebe22b23ec12b69110d66b0698ce4b 5515 libvirt_8.10.0-3.dsc 851490bc825df0a422041d7b82359eae2adee9fb 82180 libvirt_8.10.0-3.debian.tar.xz 1826f2e53bafc9fa79377b21d23c359f23505490 14440 libvirt_8.10.0-3_source.buildinfo Checksums-Sha256: 233ff4f4ee47916af4bb516d0b9744f17b0c15ba61cbf9738c08c4425f9a2b29 5515 libvirt_8.10.0-3.dsc a4820b99c302d8edd975e91f81614efac768f6b6810bd8f61efcae02cfd126d5 82180 libvirt_8.10.0-3.debian.tar.xz 6fe956c0e9d81d765991a44dc92635180e70a42c33ccfc3a71bdfc9426b76ce2 14440 libvirt_8.10.0-3_source.buildinfo Files: 229a54f05a39630d552deeb660e8444a 5515 libs optional libvirt_8.10.0-3.dsc b7c5dfbfaac69a9959a0ec4322d5e16e 82180 libs optional libvirt_8.10.0-3.debian.tar.xz 967df3e0954c5ceddecf9edfeb45e776 14440 libs optional libvirt_8.10.0-3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJDBAEBCgAtFiEEO48t9niVypx3EjLf954fxUKFg6wFAmO1+JIPHGVvZkBraXl1 a28ub3JnAAoJEPeeH8VChYOsIuMP/jKmF2SEkf+1L+8glYPEPcDFD/YH+EDwC7x3 MHBhH+OMqBzeCAnN/KvEDA5JYQJvRcqMSFM63HbER3g7Xfl49wyBl3BqoYwwAgjn hrRlFamuD7/KvWUGwV36JKnkbWby0hSEDGvBMtslaVmgJxd30e2n4e7q62Ad2h7w Amb9zDr50J7Unv1uVtkVIuiVAXe0IUF/ThNeUBPkhTr9Qb1fEKB+9iVOtlhxaG9+ i1W7Fb8UxfliqRnlVRNSYLUeoHkAn+Jww9XXA/nyDRKiZGAa7cV0PxMMQKCC3bir gDVMJBM9oQYfD+MPnNUNBni4Soi3RHSyPqWdDkrJ8UhCR74KoxvusGW0lXYUCQwS wtdGaV0B9pnrxRggN8L9vKt0WVHUgdcvRahkMY8Km8D0WYWJuDgl9syZV9IZQTNy bpkrkGBY31sRHSCBYDug1mwagIjdrWmIE0awzQEcDFJDZJ8DvTV7wRM7iee1kb6C O6zareDR5VLdamlYqAPj0fBq9E49l2/sNDuyrg61mgqdP0sREzWpbaN5Uxf0yy4h 0bvOScNvSLSEdJaKmHF+qKWTpRcKlVdg/b5wZOgKqDqGlMTfOL+NnDQcDr1Ahz0k DWIJvFysg2EYhz6o14RmcmX5I5JxlkIg5mo/quzF9VKk2dQqVWcWKaei7+UmcI03 2/B0VGa4 =evt3 -----END PGP SIGNATURE-----
--- End Message ---
