Your message dated Sun, 15 Oct 2023 19:49:47 +0000
with message-id <e1qs77t-002ldk...@fasolo.debian.org>
and subject line Bug#1053898: fixed in rsyslog 8.2310.0-2
has caused the Debian Bug report #1053898,
regarding Hardening rsyslog.service breaks debian/tests/logcheck autopkgtest
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1053898: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053898
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: rsyslog
Version: 8.2310.0-1
Severity: serious
X-Debbugs-Cc: Richard Lewis <richard.lewis.deb...@googlemail.com>


The latest update of rsyslog enabled various systemd hardening and
security features, specifically:

CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_CHOWN CAP_LEASE CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_RESOURCE CAP_SYSLOG
SystemCallFilter=@system-service
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHostname=yes


It turns out that `PrivateTmp=yes` breaks the logcheck autopkgtest.

@Richard: as author of that test, could you please take a look at this
issue. It currently prevents rsyslog from migrating to testing.

https://qa.debian.org/excuses.php?package=rsyslog


Regards,
Michael

--- End Message ---
--- Begin Message ---
Source: rsyslog
Source-Version: 8.2310.0-2
Done: Michael Biebl <bi...@debian.org>

We believe that the bug you reported is fixed in the latest version of
rsyslog, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1053...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <bi...@debian.org> (supplier of updated rsyslog package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 15 Oct 2023 21:09:00 +0200
Source: rsyslog
Architecture: source
Version: 8.2310.0-2
Distribution: unstable
Urgency: medium
Maintainer: Michael Biebl <bi...@debian.org>
Changed-By: Michael Biebl <bi...@debian.org>
Closes: 1053898 1053913
Changes:
 rsyslog (8.2310.0-2) unstable; urgency=medium
 .
   [ Richard Lewis ]
   * Update autopkgtest now that rsyslog.service is hardened
     Previously, rsyslog was told to put its entries in
     /tmp/test-rsyslog-syslog.log which was then checked with logcheck.
     But rsyslog.service now runs with PrivateTmp=true which means
     test-rsyslog-syslog.log is not available after the service ends.
     (Additionally, improve diagnostic messages when no output was detected)
     (Closes: #1053898)
 .
   [ Michael Biebl ]
   * Limit exposure to remote access.
     Use `RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX` to limit the set
     of socket address families accessible to rsyslog.
     Thanks to Robert Edmonds <edmo...@debian.org>
   * Make /dev/xconsole available in rsyslog.service.
     This was broken by the recent hardening of the service. Make the
     xconsole pipe available if enabled. (Closes: #1053913)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
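
Added example (not part of the Debian messages or the rsyslog package): a Python check that cross-references systemd hardening directives with rsyslog output targets, to catch the kind of regression both bugs describe, an output path that the sandbox hides. The unit text, the rsyslog rules and all function names are constructed for illustration; attributing the /dev/xconsole breakage to PrivateDevices is this example's assumption, since the changelog only says "the recent hardening".

```python
import posixpath

TRUE = {"1", "yes", "true", "on"}  # common systemd boolean spellings
# directive -> (path prefixes it masks, paths that stay available)
RULES = {
    "PrivateTmp": (("/tmp", "/var/tmp"), ()),
    "PrivateDevices": (("/dev",), ("/dev/null", "/dev/zero", "/dev/random")),
    "ProtectHome": (("/home", "/root", "/run/user"), ()),
}

# Constructed samples: three directives from the report, and three rsyslog rules.
UNIT = "[Service]\nPrivateTmp=yes\nPrivateDevices=yes\nProtectHome=yes\n"
RSYSLOG_CONF = """\
*.*                 /tmp/test-rsyslog-syslog.log
daemon.*;mail.*     |/dev/xconsole
auth,authpriv.*     -/var/log/auth.log
"""

def parse_unit(text):
    """Return {directive: value} from the [Service] section of a unit file."""
    section, opts = None, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            section = line
        elif section == "[Service]" and "=" in line and line[0] not in "#;":
            key, _, value = line.partition("=")
            opts[key.strip()] = value.strip()
    return opts

def action_paths(conf):
    """Yield file and pipe targets of legacy 'selector action' rsyslog rules."""
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) == 2 and not parts[0].startswith("#"):
            target = parts[1].lstrip("-|")  # '-' = no sync, '|' = named pipe
            if target.startswith("/"):
                yield posixpath.normpath(target)

def conflicts(unit_text, conf):
    """List (directive, path) pairs where an enabled directive masks an output."""
    opts, found = parse_unit(unit_text), []
    for path in action_paths(conf):
        for directive, (prefixes, kept) in RULES.items():
            enabled = opts.get(directive, "").lower() in TRUE
            hidden = any(path == p or path.startswith(p + "/") for p in prefixes)
            if enabled and hidden and path not in kept:
                found.append((directive, path))
    return found
```

Calling conflicts(UNIT, RSYSLOG_CONF) flags the /tmp test log under PrivateTmp and /dev/xconsole under PrivateDevices, and leaves /var/log/auth.log alone.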
