Your message dated Tue, 18 Jan 2022 19:59:06 +0100
with message-id 
<CAJ2a_DcEKMABOkyqK5AUD9=xbhf5ffwe9on-er5u3qf3zfq...@mail.gmail.com>
and subject line Re: quassel-core: do not require execmem
has caused the Debian Bug report #941994,
regarding quassel-core: do not require execmem
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
941994: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941994
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: quassel-core
Version: 1:0.13.1-1
Severity: wishlist

Currently quassel-core requires the SELinux process permission execmem.

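This is not a problem by itself, but for a daemon that runs 24/7 and is
exposed to the internet it would be nice not to require it, since execmem
allows the process to map memory that is both writable and executable.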

Maybe there is a way to disable jit/scripting/... at build time?

Best regards
    Christian Göttsche



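P.S.: information for the case where execmem is prohibited. The denied
mmap (a1=0x80000000, PROT_READ|PROT_WRITE|PROT_EXEC) matches the
2147483648-byte executable pool that QtScript's JavaScriptCore JIT
allocates when CoreSession constructs a QScriptEngine, as the gdb
backtrace below shows: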


SELinux denial


type=PROCTITLE msg=audit(10/06/19 18:35:21.946:42) :
proctitle=/usr/bin/quasselcore --configdir=/var/lib/quassel
--logfile=/var/log/quassel/core.log --loglevel=Info --port=4242
--listen=::,0.
type=SYSCALL msg=audit(10/06/19 18:35:21.946:42) : arch=x86_64
syscall=mmap success=no exit=EACCES(Permission denied) a0=0x0
a1=0x80000000 a2=PROT_READ|PROT_WRITE|PROT_EXEC
a3=MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE items=0 ppid=1 pid=462
auid=unset uid=quasselcore gid=quassel euid=quasselcore
suid=quasselcore fsuid=quasselcore egid=quassel sgid=quassel
fsgid=quassel tty=(none) ses=unset comm=QThread
exe=/usr/bin/quasselcore subj=system_u:system_r:quasselcore_t:s0
key=(null)
type=AVC msg=audit(10/06/19 18:35:21.946:42) : avc:  denied  { execmem
} for  pid=462 comm=QThread
scontext=system_u:system_r:quasselcore_t:s0
tcontext=system_u:system_r:quasselcore_t:s0 tclass=process
permissive=0


Quassel self-backtrace


Quassel IRC: 0.13.1 3778a12912369eb5add886bb65ca74e9df841744
#  0 quasselcore          0x000055eefb383634 0x0000000000000000
#  1 quasselcore          0x000055eefb358eba 0x0000000000000000
#  2 quasselcore          0x000055eefb388b03 0x0000000000000000
#  3 libQt5Core.so.5      0x00007f9b8e2ad463
QMetaObject::activate(QObject*, int, int, void**)
#  4 quasselcore          0x000055eefb38495e 0x0000000000000000
#  5 quasselcore          0x000055eefb38444d 0x0000000000000000
#  6 libQt5Core.so.5      0x00007f9b8e2ad463
QMetaObject::activate(QObject*, int, int, void**)
#  7 libQt5Core.so.5      0x00007f9b8e2b8b79
QSocketNotifier::activated(int, QSocketNotifier::QPrivateSignal)
#  8 libQt5Core.so.5      0x00007f9b8e2b8ec1 QSocketNotifier::event(QEvent*)
#  9 libQt5Core.so.5      0x00007f9b8e284006
QCoreApplication::notifyInternal2(QObject*, QEvent*)
# 10 libQt5Core.so.5      0x00007f9b8e2d5fea 0x0000000000000000
# 11 libglib-2.0.so.0     0x00007f9b8d4ecebd g_main_context_dispatch
# 12 libglib-2.0.so.0     0x00007f9b8d4ed140 0x0000000000000000
# 13 libglib-2.0.so.0     0x00007f9b8d4ed1cf g_main_context_iteration
# 14 libQt5Core.so.5      0x00007f9b8e2d53c7
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
# 15 libQt5Core.so.5      0x00007f9b8e282cfb
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
# 16 libQt5Core.so.5      0x00007f9b8e28acd2 QCoreApplication::exec()
# 17 quasselcore          0x000055eefb225c8b 0x0000000000000000
# 18 libc.so.6            0x00007f9b8dc8dbbb __libc_start_main
# 19 quasselcore          0x000055eefb23154a _start


gdb backtrace


#0  0x00007ffff7c0a935 in
QTJSC::FixedVMPoolAllocator::FixedVMPoolAllocator
(totalHeapSize=2147483648, commonSize=<optimized out>,
this=0x7ffff002be10)
    at 
../3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp:314
#1  QTJSC::ExecutablePool::systemAlloc (size=size@entry=16384) at
../3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp:447
#2  0x00007ffff7c9b9c8 in QTJSC::ExecutablePool::ExecutablePool
(n=16384, this=0x7ffff417e960) at
../3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.h:258
#3  QTJSC::ExecutablePool::create (n=16384) at
../3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.h:97
#4  QTJSC::ExecutableAllocator::ExecutableAllocator
(this=0x7ffff41789c8) at
../3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.h:150
#5  QTJSC::JSGlobalData::JSGlobalData (this=0x7ffff4177800,
isShared=<optimized out>) at
../3rdparty/javascriptcore/JavaScriptCore/runtime/JSGlobalData.cpp:145
#6  0x00007ffff7c9be68 in QTJSC::JSGlobalData::create () at
../3rdparty/javascriptcore/JavaScriptCore/wtf/FastAllocBase.h:98
#7  0x00007ffff7d4440c in QScriptEnginePrivate::QScriptEnginePrivate
(this=0x7ffff0004a00) at api/qscriptengine.cpp:989
#8  0x00007ffff7d44f9f in QScriptEngine::QScriptEngine
(this=0x7ffff000a3c0, parent=0x7ffff0005210) at
api/qscriptengine.cpp:2057
#9  0x00005555556047e5 in CoreSession::CoreSession
(this=0x7ffff0005210, uid=..., restoreState=<optimized out>,
strictIdentEnabled=<optimized out>, parent=<optimized out>) at
./src/core/coreeventmanager.h:33
#10 0x00005555556555e7 in (anonymous namespace)::Worker::initialize
(this=0x5555558d3d10) at ./src/core/sessionthread.cpp:48
#11 (anonymous namespace)::Worker::qt_static_metacall
(_o=0x5555558d3d10, _c=<optimized out>, _id=<optimized out>,
_a=<optimized out>) at
./obj-x86_64-linux-gnu/src/core/mod_core_autogen/include/sessionthread.moc:87
#12 0x00007ffff77b8463 in QMetaObject::activate(QObject*, int, int,
void**) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x00007ffff75dcde7 in QThread::started(QThread::QPrivateSignal) ()
from /lib/x86_64-linux-gnu/libQt5Core.so.5
#14 0x00007ffff75e79f0 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#15 0x00007ffff7159fb7 in start_thread () from
/lib/x86_64-linux-gnu/libpthread.so.0
#16 0x00007ffff726c2ef in clone () from /lib/x86_64-linux-gnu/libc.so.6

--- End Message ---
--- Begin Message ---
Version: 1:0.14.0-1

Version 0.14 dropped the dependency on QtScript, which resolved the
reported mandatory usage of execmem.

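There is still an optional usage, caused by PCRE2 JIT compilation (the
strace excerpt and gdb backtrace below show the writable and executable
mmap requested by sljit on behalf of QRegularExpression), but quasselcore
works fine without the execmem SELinux permission now.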


openat(AT_FDCWD, "/etc/ssl/certs/",
O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 7
newfstatat(7, "", {st_mode=S_IFDIR|0755, st_size=20480, ...}, AT_EMPTY_PATH) = 0
brk(0x55c39b927000)                     = 0x55c39b927000
getdents64(7, 0x55c39b8fe0b0 /* 261 entries */, 32768) = 11144
mmap(NULL, 65536, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3d02c10000
mprotect(0x7f3d02c10000, 65536, PROT_READ|PROT_WRITE|PROT_EXEC) = 0
statx(AT_FDCWD, "/etc/ssl/certs/a3418fda.0", AT_STATX_SYNC_AS_STAT,
STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0,
stx_mode=S_IFREG|0644, stx_size=769, ...}) = 0
brk(0x55c39b91f000)                     = 0x55c39b91f000
close(7)                                = 0



#0  __GI___mmap64 (offset=0, fd=-1, flags=34, prot=7, len=65536,
addr=0x0) at ../sysdeps/unix/sysv/linux/mmap64.c:59
#1  __GI___mmap64 (addr=addr@entry=0x0, len=len@entry=65536,
prot=prot@entry=7, flags=flags@entry=34, fd=fd@entry=-1,
offset=offset@entry=0) at ../sysdeps/unix/sysv/linux/mmap64.c:47
#2  0x00007fae09cbf3e7 in alloc_chunk (size=65536) at
src/sljit/sljitExecAllocator.c:186
#3  sljit_malloc_exec (size=64, size@entry=32) at
src/sljit/sljitExecAllocator.c:300
#4  0x00007fae09ceca4a in pcre2_jit_compile_16 (code=0x5637c4eebc20,
options=7) at src/pcre2_jit_compile.c:14205
#5  0x00007fae0aa88acc in QRegularExpressionPrivate::compilePattern
(this=0x5637c4f38ed0) at text/qregularexpression.cpp:1035
#6  0x00007fae0aa8c168 in QRegularExpression::match
(this=this@entry=0x5637c4f262b8, subject=..., offset=offset@entry=0,
matchType=matchType@entry=QRegularExpression::NormalMatch,
matchOptions=matchOptions@entry=...) at
text/qregularexpression.cpp:1705
#7  0x00007fae0aaf13b4 in QDirIteratorPrivate::matchesFilters
(this=0x5637c4f241d0, fileName=..., fi=...) at
../../include/QtCore/../../src/corelib/global/qflags.h:121
#8  0x00007fae0aaf257c in QDirIteratorPrivate::entryMatches
(fileInfo=..., fileName=..., this=0x5637c4f241d0) at
io/qdiriterator.cpp:238
#9  QDirIteratorPrivate::advance (this=0x5637c4f241d0) at
io/qdiriterator.cpp:278
#10 0x00007fae0aaf2c70 in QDirIteratorPrivate::QDirIteratorPrivate
(this=0x5637c4f241d0, entry=..., nameFilters=..., filters=...,
flags=..., resolveEngine=<optimized out>) at io/qdiriterator.cpp:196
#11 0x00007fae0aaf33bc in QDirIterator::QDirIterator
(this=this@entry=0x7ffe74bb8c68, path=..., nameFilters=...,
filters=filters@entry=..., flags=flags@entry=...) at
io/qdiriterator.cpp:498
#12 0x00007fae0b124e24 in
QSslSocketPrivate::ensureCiphersAndCertsLoaded () at
ssl/qsslsocket_openssl.cpp:2058
#13 0x00007fae0b12502a in QSslSocketPrivate::ensureInitialized () at
ssl/qsslsocket_openssl.cpp:781
#14 0x00007fae0b0f6b57 in
QSslCertificatePrivate::QSslCertificatePrivate (this=0x5637c4ef5000)
at ssl/qsslcertificate_p.h:93
#15 QSslCertificate::QSslCertificate (this=this@entry=0x5637c4eec500,
data=..., format=format@entry=QSsl::Pem) at
ssl/qsslcertificate.cpp:186
#16 0x00005637c3ee8261 in SslServer::SslServer
(this=this@entry=0x5637c4eec4e8, parent=parent@entry=0x0) at
./src/core/sslserver.cpp:31
#17 0x00005637c3e33da7 in Core::Core (this=this@entry=0x5637c4eec480)
at ./src/core/core.cpp:74
#18 0x00005637c3e3c3dc in std::make_unique<Core> () at
/usr/include/c++/11/bits/unique_ptr.h:962
#19 CoreApplication::init (this=this@entry=0x7ffe74bb8e50) at
./src/core/coreapplication.cpp:34
#20 0x00005637c3dfb394 in main (argc=<optimized out>,
argv=0x7ffe74bb90e8) at ./src/main/main.cpp:110

--- End Message ---