Your message dated Sat, 30 Jun 2012 21:38:00 +0000
with message-id <[email protected]>
and subject line Bug#679641: fixed in dpkg 1.16.6
has caused the Debian Bug report #679641,
regarding dpkg: if mcstransd is unexpectedly stopped then dpkg uses invalid SE
Linux context
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
679641: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679641
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dpkg
Version: 1.16.4.3
Severity: normal
I am giving this bug "normal" severity, but for certain types of SE Linux use
it might be regarded as more severe.
1) rjc:user_r:user_t:s0-s0:c0.c1023
2) rjc:user_r:user_t:SystemLow-SystemHigh
The way things currently work is that dpkg converts the sensitivity range of
a file from the computer readable form to the human readable form (the first of
the above two lines to the second). Then before writing the data to disk it
converts it back to the first form. mcstransd is used for the conversions
both ways, if it's running when dpkg tries to convert from #1 to #2 but not
running when dpkg wants to convert from #2 to #1 then dpkg will try to write
#2 to disk, which is a violation of SE Linux policy.
This can happen when dpkg upgrades multiple packages including policycoreutils
(which contains mcstransd). A mitigating factor for the users is that it's
recommended that upgrades of SE Linux policy and related packages (including
policycoreutils) between Debian releases be done in permissive mode with a
full relabel afterwards. But if someone upgraded from Squeeze to Testing a
few weeks ago and then upgraded to the latest Testing today it would mess
things up.
Error setting security context for next file object:: Invalid argument
To demonstrate this problem instruct dpkg to install a couple of big packages
(I use libreoffice-common and libreoffice-core) and then stop mcstransd while
dpkg is working. You may need to do it two or three times to get it to happen.
If the system is in permissive mode then the string "SystemLow" will be
included in contexts written to disk and in enforcing mode dpkg will write a
message such as the above to stderr. In both cases a message such as the
below will be written to the audit log (or the kernel message log if auditd
isn't running).
type=AVC msg=audit(1341055747.187:1390): avc: denied { mac_admin } for
pid=10131 comm="dpkg" capability=33
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=capability2
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (350, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages dpkg depends on:
ii libbz2-1.0 1.0.6-3
ii libc6 2.13-33
ii liblzma5 5.1.1alpha+20120614-1
ii libselinux1 2.1.9-5
ii tar 1.26-4
ii zlib1g 1:1.2.7.dfsg-13
dpkg recommends no packages.
Versions of packages dpkg suggests:
ii apt 0.9.7
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: dpkg
Source-Version: 1.16.6
We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive:
dpkg-dev_1.16.6_all.deb
to main/d/dpkg/dpkg-dev_1.16.6_all.deb
dpkg_1.16.6.dsc
to main/d/dpkg/dpkg_1.16.6.dsc
dpkg_1.16.6.tar.xz
to main/d/dpkg/dpkg_1.16.6.tar.xz
dpkg_1.16.6_amd64.deb
to main/d/dpkg/dpkg_1.16.6_amd64.deb
dselect_1.16.6_amd64.deb
to main/d/dpkg/dselect_1.16.6_amd64.deb
libdpkg-dev_1.16.6_amd64.deb
to main/d/dpkg/libdpkg-dev_1.16.6_amd64.deb
libdpkg-perl_1.16.6_all.deb
to main/d/dpkg/libdpkg-perl_1.16.6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guillem Jover <[email protected]> (supplier of updated dpkg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 30 Jun 2012 21:45:10 +0200
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source amd64 all
Version: 1.16.6
Distribution: unstable
Urgency: low
Maintainer: Dpkg Developers <[email protected]>
Changed-By: Guillem Jover <[email protected]>
Description:
dpkg - Debian package management system
dpkg-dev - Debian package development tools
dselect - Debian package management front-end
libdpkg-dev - Debian package management static library
libdpkg-perl - Dpkg perl modules
Closes: 679641
Changes:
dpkg (1.16.6) unstable; urgency=low
.
[ Guillem Jover ]
* Do not translate SE Linux context to human readable form while unpacking,
as that might cause the operation to fail if the mcstransd daemon
stopped running during the transaction. Closes: #679641
Thanks to Russell Coker <[email protected]>.
* Add --control-list and --control-show to dpkg-query --help output.
.
[ Raphaƫl Hertzog ]
* Fix import of error functions in dpkg-buildflags. Regression introduced
in 1.16.5.
.
[ Updated scripts translations ]
* German (Helge Kreutzmann).
.
[ Updated man page translations ]
* German (Helge Kreutzmann).
Checksums-Sha1:
da5a1d52a7c66b9a0371f3d7cde54e9472d24b36 1372 dpkg_1.16.6.dsc
2341b5d8f213bcfdcd74f93f14ae97458c94fd52 3549060 dpkg_1.16.6.tar.xz
b91e4a469922656e5eb0257846b053bae5231a6c 667800 libdpkg-dev_1.16.6_amd64.deb
e2676499805865fbd2823853ae5eb1f3a655eedd 2267030 dpkg_1.16.6_amd64.deb
14c64395e75fc67b20edf6183a736ec98a6bca3c 1101358 dselect_1.16.6_amd64.deb
1c5bebd8a4d12198e1a75fa4fdec75b1b987f59a 1144144 dpkg-dev_1.16.6_all.deb
ebb01fd7383a876cc75b7c1f6297e89093a0d2fa 864282 libdpkg-perl_1.16.6_all.deb
Checksums-Sha256:
4c9f95f1b78283aa41a78f6c85d36d1b6c0ad7d891105b221ff9435eb968b3fc 1372
dpkg_1.16.6.dsc
5423376dde27d277149a2cb4b2458e39ee389b6d91e94de41117e05adb220b00 3549060
dpkg_1.16.6.tar.xz
e273691ca0a8fd36a5da10007e628c9ee7a0d61a0ff3bc717730461f6e88f69a 667800
libdpkg-dev_1.16.6_amd64.deb
e2ec568acd3408aec8fee98a08b50af8f8f34b185190947fee24a22e1654d0c3 2267030
dpkg_1.16.6_amd64.deb
9186d2adb600931b4a1d3fa9f2e62d8bfcde1ef0d6dd291a35d612f26a390be1 1101358
dselect_1.16.6_amd64.deb
bcea23bbb4c3b73051cac9f193ae1dbc1293f6d71d1e90e0b4a65d89e66f6db5 1144144
dpkg-dev_1.16.6_all.deb
f84f81210f2df525733c12d39e18ac0563ee43e74f5a63d89620e40edd63dfbf 864282
libdpkg-perl_1.16.6_all.deb
Files:
45ba67322b7c5a2ed57734f4ff782703 1372 admin required dpkg_1.16.6.dsc
3a167325cbcda521b2b8c55fd297c912 3549060 admin required dpkg_1.16.6.tar.xz
3e455d8e3651e4225198b8e611dfc387 667800 libdevel optional
libdpkg-dev_1.16.6_amd64.deb
37550ca63674351c118f566fbadcdc1f 2267030 admin required dpkg_1.16.6_amd64.deb
4ef61996ee5595c1c9032a9ca314854a 1101358 admin optional
dselect_1.16.6_amd64.deb
a51ed9312def7def7dc3b6481cfe14b8 1144144 utils optional dpkg-dev_1.16.6_all.deb
265af924e852ca07b56611b284d442a6 864282 perl optional
libdpkg-perl_1.16.6_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAk/vWRoACgkQuW9ciZ2SjJspwgCg3AaIh2a2SKquY9ISATlFlxV5
c0kAoNVPhV2Fg/3ihm5CtjQqZjKUhlwA
=ZUBu
-----END PGP SIGNATURE-----
--- End Message ---
