Your message dated Wed, 27 Nov 2024 21:49:18 +0000
with message-id <[email protected]>
and subject line Bug#1086844: fixed in guestfs-tools 1.52.2-2
has caused the Debian Bug report #1086844,
regarding passt: apparmor profile breaks passt in libguestfs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1086844: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086844
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: passt
Version: 0.0~git20241030.ee7d0b6-1
Severity: normal
X-Debbugs-Cc: [email protected]
Dear Maintainer,
I just tried to run virt-sysprep on a system with passt installed (as a
recommended dep of podman) and I'm getting this error:
$ virt-sysprep -v -d deb-tmp --enable customize \
--network \
--install openssh-server \
--ssh-inject root:file:"$HOME"/.ssh/id_rsa_vagrant.pub \
--run-command 'dpkg-reconfigure openssh-server' \
--mkdir /usr/lib/repart.d \
--append-line '/usr/lib/repart.d/50-root.conf:[Partition]' \
--append-line '/usr/lib/repart.d/50-root.conf:Type=root' \
--hostname deb-tmp
[…]
libguestfs: command: run: passt
libguestfs: command: run: \ --one-off
libguestfs: command: run: \ --socket
/run/user/1000/libguestfsBF3BBT/passt.sock
libguestfs: command: run: \ --pid /run/user/1000/libguestfsBF3BBT/passt1.pid
libguestfs: command: run: \ --address 169.254.2.15
libguestfs: command: run: \ --netmask 16
libguestfs: command: run: \ --mac-addr 52:56:00:00:00:02
libguestfs: command: run: \ --gateway 169.254.2.2
Failed to bind UNIX domain socket: Permission denied
virt-sysprep: error: libguestfs error: passt exited with status 1
The system journal says:
kernel: audit: type=1400 audit(1730904512.692:218): apparmor="DENIED"
operation="mknod" class="file" profile="passt"
name="/run/user/1000/libguestfsBF3BBT/passt.sock" pid=2722319 comm="passt.avx2"
requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
I had to disable the AppArmor profile for passt to make this work.
-- System Information:
Debian Release: trixie/sid
APT prefers stable-security
APT policy: (990, 'stable-security'), (990, 'testing'), (500,
'unstable-debug'), (500, 'testing-debug'), (500, 'stable-debug'), (500,
'unstable'), (500, 'stable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.10.3-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER, TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages passt depends on:
ii libc6 2.40-3
passt recommends no packages.
Versions of packages passt suggests:
ii apparmor 3.1.7-1+b2
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: guestfs-tools
Source-Version: 1.52.2-2
Done: Hilko Bengen <[email protected]>
We believe that the bug you reported is fixed in the latest version of
guestfs-tools, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hilko Bengen <[email protected]> (supplier of updated guestfs-tools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 27 Nov 2024 21:31:37 +0100
Source: guestfs-tools
Architecture: source
Version: 1.52.2-2
Distribution: unstable
Urgency: medium
Maintainer: Hilko Bengen <[email protected]>
Changed-By: Hilko Bengen <[email protected]>
Closes: 1086844
Changes:
guestfs-tools (1.52.2-2) unstable; urgency=medium
.
[ Stefano Brivio ]
* Introduce AppArmor profile (Closes: #1086844)
.
[ Hilko Bengen ]
* Add build-dependency for AppArmor profile
Checksums-Sha1:
bedc3c1971bb6edbcb96871b72227c07e4a8fe0c 3327 guestfs-tools_1.52.2-2.dsc
5d753411f732a728053ce70becb2167a70fd5420 4760
guestfs-tools_1.52.2-2.debian.tar.xz
e2cf3d7cb480041d7d15d2059cbab77508608fd8 15883
guestfs-tools_1.52.2-2_source.buildinfo
Checksums-Sha256:
2d359780f5faec85913af9f5bff748f99a045699b674f7256f51ccc6fb179284 3327
guestfs-tools_1.52.2-2.dsc
d4ea20aaf022f584f4d8ac551f946cffeeafa905ca4e8ec37464d5a4592da801 4760
guestfs-tools_1.52.2-2.debian.tar.xz
3907be597942c2a65a7569167ea4319ffee4c062dfddada62edca944351a6a7c 15883
guestfs-tools_1.52.2-2_source.buildinfo
Files:
d893d9d453f12113cd3b425502e2b66c 3327 utils optional guestfs-tools_1.52.2-2.dsc
32b5993de7ffc4fc89b6685d77f786e0 4760 utils optional
guestfs-tools_1.52.2-2.debian.tar.xz
d3527cc93465efc8e6138e00277ac900 15883 utils optional
guestfs-tools_1.52.2-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEErnMQVUQqHZbPTUx4dbcQY1whOn4FAmdHkLIACgkQdbcQY1wh
On7dRg//dWc7cdGqf25WmUcSTtyl13yBt4xNzn9Mg29obq9e8dcXyWHF8Rjt7IUc
6Lmi4C/snikHrphpvWClr01kty+R21Sf8U4lMNbfq3orMK0g6t1PyLDx0SrEmmy3
e69ufK406tiJmkJLnelp4eV5m/RLnCjHfvqAntwjT2qOkIpV56e5IvL9TV2nsXpd
tFWxyYCGlj/uDqCQmqfLqnOxwQyPRHlW81yViw1HXHSZDZx/isE9R/emCLx3/nPM
peMF+s1e1cNa2T5UQTSbSy2g4emRPNe3ihT9uPeobEKo5eYQ/ZZg+e3UunRoLLqi
EpwKTQ6XRNgH26hbvqX4oDWYGB4Hfo5EK7cT5UXKAMKqg0xuN1MwRkpaUitA5RvB
bIhML8H8dG451qXX/LF9CcIH9Knjy0dpAhS5h9qQQERqZ7D+ZvfFyl4T4uGvrS0t
r/WQ5q1h4lRjon2w3BOYC6WH8H6XfLJ1Cy2NmJn0RMM6l7P7fsem1HUClOt6tSej
PDq5vqIH8a04GMA+dzVrLOtPcWwyuCtj/hyjFgtI7m3z4PpSB5pPrr88tEEwsprL
uU5nxcadWeLAu2sZALhy/CBdnz96CuBWa32DLxnfYtMBcbQo22xEa6KtiBFvyqK9
McqvnmNbkUsq2bXGcoTK59vs7A02JkiH+ViFyKHLYC9y9JRsrW4=
=5WED
-----END PGP SIGNATURE-----
pgpnmhqzAkIy6.pgp
Description: PGP signature
--- End Message ---
