Bug#942114: marked as done (cache fails to store capabilities correctly)

Sun, 03 Nov 2019 15:40:10 -0800 

Your message dated Sun, 03 Nov 2019 23:34:48 +0000
with message-id <e1irpos-000ieb...@fasolo.debian.org>
and subject line Bug#942114: fixed in ganeti-instance-debootstrap 0.16-6.1
has caused the Debian Bug report #942114,
regarding cache fails to store capabilities correctly
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
942114: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942114
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: ganeti-instance-debootstrap
Version: 0.16-6
Severity: grave

It seems that ganeti-instance-deboostrap fails to properly cache the
filesystem after the first creation. This leads to stuff like
`/usr/bin/ping` having the wrong permissions. On a healthy system,
installed without caching, it looks like this:

root@test01:~# getcap /usr/bin/ping
/usr/bin/ping = cap_net_raw+ep
root@test01:~#

But if that instance is removed and recreated, it then looks like this:

root@test01:~# getcap /usr/bin/ping
root@test01:~#

This is "grave" because capabilities are a serious issue. There could
be suid files that are restricted by capabilities (or the
opposite). We just don't quite know and this looks really wrong. At
best it makes ping unusable by regular users, and that's still a
serious issue.

Inspection of the cache file confirms the capabilities are not stored
correctly:

root@fsn-node-02:~# tar fx 
/var/cache/ganeti-instance-debootstrap/cache-buster-amd64.tar ./usr/bin/ping
root@fsn-node-02:~# getcap ./usr/bin/ping
root@fsn-node-02:~# 

A.

-- System Information:
Debian Release: 10.1
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable'), (1, 'experimental'), (1, 
'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ganeti-instance-debootstrap depends on:
ii  debootstrap  1.0.114
ii  dump         0.4b46-5
ii  e2fsprogs    1.44.5-1+deb10u2
ii  fdisk        2.33.1-0.1
ii  kpartx       0.7.9-3
ii  util-linux   2.33.1-0.1

ganeti-instance-debootstrap recommends no packages.

ganeti-instance-debootstrap suggests no packages.

-- debconf-show failed

--- End Message ---
--- Begin Message --- 
Source: ganeti-instance-debootstrap
Source-Version: 0.16-6.1

We believe that the bug you reported is fixed in the latest version of
ganeti-instance-debootstrap, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 942...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Antoine Beaupré <anar...@debian.org> (supplier of updated 
ganeti-instance-debootstrap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 01 Nov 2019 19:01:50 -0400
Source: ganeti-instance-debootstrap
Architecture: source
Version: 0.16-6.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ganeti Team <team+debianganetit...@tracker.debian.org>
Changed-By: Antoine Beaupré <anar...@debian.org>
Closes: 942114
Changes:
 ganeti-instance-debootstrap (0.16-6.1) unstable; urgency=medium
 .
   * Non-maintainer upload
   * add patch to respect linux caps (Closes: #942114)
Checksums-Sha1:
 4327842ba7b31d6b6127d177440a690b7dfb6d84 1917 
ganeti-instance-debootstrap_0.16-6.1.dsc
 85de0fbcf21bb5135670d564bc7a8e2f31235553 9800 
ganeti-instance-debootstrap_0.16-6.1.debian.tar.xz
 8152eb780de85881655962c082a1e344b241cec1 6102 
ganeti-instance-debootstrap_0.16-6.1_amd64.buildinfo
Checksums-Sha256:
 7f581a7c54134516da2cdd399e82cc12e93127773c00f7fbe0eba89b81dcb1b4 1917 
ganeti-instance-debootstrap_0.16-6.1.dsc
 3d00f681c1da4cd290ac0de1aba6dd4acb43d398060079cf09abc9b8a4571299 9800 
ganeti-instance-debootstrap_0.16-6.1.debian.tar.xz
 29136e4ef8da892bebf21c075c07d7724d1f949b616407a063b5bc5369545bbd 6102 
ganeti-instance-debootstrap_0.16-6.1_amd64.buildinfo
Files:
 7a47c39fd2fcd6c271de188c69a12498 1917 admin optional 
ganeti-instance-debootstrap_0.16-6.1.dsc
 509bcdbedf6b4b078b6676b777fa2f63 9800 admin optional 
ganeti-instance-debootstrap_0.16-6.1.debian.tar.xz
 5bff8bc5b961caad79eacbfe3ec18fb0 6102 admin optional 
ganeti-instance-debootstrap_0.16-6.1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEexZCBNCWcjsBljWrPqHd3bJh2XsFAl28uyMACgkQPqHd3bJh
2XtZtAf9EaxV9X9//qB0gGfueUCrnQBe4N8tTgpB22FFRphIofneSJVqNUOmF3LO
Rk/p3JbJJjw/sF4wVxqsyrSoRcdT+zcctq0yshBoqrKGYVQYQWEwD2RoYVzMa/Pv
xUOHqRkTlLMYYk0rbncoogFw0fsRrvBdr+mMg4gUlLD7STGOsZQRhH7e5JbMltoB
z2VoDOGgr3NOfSKCDf+0yygiUx4WL7aTKgaEO8sIX8mPOgfRD+G2aeQn3hXEYFnC
tsJA3GCrdgE1RUg00TshESdfg74HmqXw89Lb3l/iq25TzlBqRo8Gnqqo4bmW2hfA
HGg8WFTBNH48zo4HevFc8FYJ+emsNg==
=s/3A
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to