Your message dated Thu, 11 Feb 2016 21:54:23 +0000 with message-id <[email protected]> and subject line Bug#775651: fixed in systemd 229-1 has caused the Debian Bug report #775651, regarding systemd: /run/user/$UID directories are created with type tmpfs_t on SE Linux to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 775651: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775651 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: systemd Version: 215-9 Severity: normal # grep auditallow local.te auditallow domain tmpfs_t:dir create; # grep granted /var/log/audit/audit.log type=AVC msg=audit(1421563773.398:239): avc: granted { create } for pid=4302 comm="systemd" name="systemd" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir type=AVC msg=audit(1421563773.398:240): avc: granted { create } for pid=4302 comm="systemd" name="generator" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir type=AVC msg=audit(1421563773.398:241): avc: granted { create } for pid=4302 comm="systemd" name="generator.early" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir type=AVC msg=audit(1421563773.398:242): avc: granted { create } for pid=4302 comm="systemd" name="generator.late" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir # ls -laZ /run/user total 0 drwxr-xr-x. 4 root root system_u:object_r:var_auth_t:SystemLow 80 Jan 18 17:58 . drwxr-xr-x. 26 root root system_u:object_r:var_run_t:SystemLow 1080 Jan 18 17:58 .. drwx------. 3 root root system_u:object_r:var_auth_t:SystemLow 60 Jan 18 17:34 0 drwx------. 3 rjc rjc system_u:object_r:tmpfs_t:SystemLow 60 Jan 18 17:58 1001 I have an auditallow rule to audit creation of tmpfs_t directories. As you can see systemd creates such directories when I login. The directory "0" has the correct context because I ran "restorecon" but the directory "1001" has the wrong context because I just logged in as that user. There are no auto trans rules to give it the type tmpfs_t and the file_contexts also specify var_auth_t. I think that systemd is requesting tmpfs_t as the type. -- Package-specific info: -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages systemd depends on: ii acl 2.2.52-2 ii adduser 3.113+nmu3 ii initscripts 2.88dsf-58 ii libacl1 2.2.52-2 ii libaudit1 1:2.4-1+b1 ii libblkid1 2.25.2-4 ii libc6 2.19-13 ii libcap2 1:2.24-6 ii libcap2-bin 1:2.24-6 ii libcryptsetup4 2:1.6.6-4 ii libgcrypt20 1.6.2-4+b1 ii libkmod2 18-3 ii liblzma5 5.1.1alpha+20120614-2+b3 ii libpam0g 1.1.8-3.1 ii libselinux1 2.3-2 ii libsystemd0 215-9 ii mount 2.25.2-4 ii sysv-rc 2.88dsf-58 ii udev 215-9 ii util-linux 2.25.2-4 Versions of packages systemd recommends: ii dbus 1.8.14-1 ii libpam-systemd 215-9 Versions of packages systemd suggests: pn systemd-ui <none> -- Configuration Files: /etc/systemd/journald.conf changed: [Journal] SystemMaxUse=25M -- no debconf information
--- End Message ---
--- Begin Message ---Source: systemd Source-Version: 229-1 We believe that the bug you reported is fixed in the latest version of systemd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Martin Pitt <[email protected]> (supplier of updated systemd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 11 Feb 2016 21:02:39 +0100 Source: systemd Binary: systemd systemd-sysv systemd-container systemd-journal-remote systemd-coredump libpam-systemd libnss-myhostname libnss-mymachines libnss-resolve libsystemd0 libsystemd-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb systemd-dbg Architecture: source amd64 Version: 229-1 Distribution: unstable Urgency: medium Maintainer: Debian systemd Maintainers <[email protected]> Changed-By: Martin Pitt <[email protected]> Description: libnss-myhostname - nss module providing fallback resolution for the current hostname libnss-mymachines - nss module to resolve hostnames for local container instances libnss-resolve - nss module to resolve names via systemd-resolved libpam-systemd - system and service manager - PAM module libsystemd-dev - systemd utility library - development files libsystemd0 - systemd utility library libudev-dev - libudev development files libudev1 - libudev shared library libudev1-udeb - libudev shared library (udeb) systemd - system and service manager systemd-container - systemd container/nspawn tools systemd-coredump - tools for storing and retrieving coredumps systemd-dbg - system and service manager (debug symbols) systemd-journal-remote - tools for sending and receiving remote journal logs systemd-sysv - system and service manager - SysV links udev - /dev/ and hotplug management daemon udev-udeb - /dev/ and hotplug management daemon (udeb) Closes: 775651 783692 802780 805514 Changes: systemd (229-1) unstable; urgency=medium . * New upstream release 229. - Fix systemctl behaviour in chroots. (Closes: #802780) - Fix SELinux context of /run/user/$UID. (Closes: #775651) - Add option to optionally turn of color output. (Closes: #783692) - Don't git-ignore src/journal-remote/browse.html. (Closes: #805514) - Do not warn about Wants depencencies on masked units. (LP: #1543282) * debian/systemd.install: Ship the new systemd-resolve. * libsystemd0.symbols: Add new symbols from this release. * systemd-coredump.postinst: Create systemd-coredump system user. * debian/tests/systemd-fsckd: Tame overly strict test for failed plymouth unit, which is a race condition with plymouthd auto-stopping. (LP: #1543144) * Drop timedated-don-t-rely-on-usr-being-mounted-in-the-ini.patch. initramfs-tools has mounted /usr since Jessie, and tzdata now creates /etc/localtime as a symlink too (see #803144). * Use-different-default-paths-for-various-binaries.patch: Drop path changes for setcap (which is already a build dep and not used at all) and sulogin (which is now in util-linux). * Remove obsolete udev maintainer script checks: - Drop check for kernel >= 2.6.32, which released in 2009. - Drop restarting of some daemons due to the devtmpfs migration, which happened before the above kernel even. - Drop support for forcing upgrades on kernels known not to work via /etc/udev/kernel-upgrade. Don't pretend that this would help, as users could end up with a non-bootable system. Always fail early in preinst when it's still possible to install a working kernel. - Drop postinst test for "running in containers" -- it's actually possible to run udev in containers if you mount /sys r/w and you know what you are doing. Also, the init.d script and systemd service do that check again. - Keep the kernel feature and chroot checks, as these are still useful. Simplify check_kernel_features() by eliminating some variables. - Drop debconf templates. Two of them are obsolete, and having CONFIG_SYSFS_DEPRECATED is now so implausible that this doesn't warrant the overhead and translator efforts. * Drop debian/tests/ifupdown-hotplug. The units moved into ifupdown, so the test should go there too (see #814312). * debian/tests/control: Reorder tests and add a comment which ones should not be run for an upstream build. * debian/tests/control: Rearrange tests and avoid removing test dependencies to minimize testbed resets. * Add debian/extra/checkout-upstream: Script to replace the current source with a checkout of an upstream pull request, branch, or commit, and remove debian/patches/. Call from debian/rules if $TEST_UPSTREAM is set. This will be used for upstream CI. * Enable seccomp support on powerpc, ppc64el, and s390x. Checksums-Sha1: 0c74a1d1b0e109049869f415c2196c941bda68b2 4073 systemd_229-1.dsc 6e1bf5b5746fa5015f04a08881795fee7a5a4f47 4319173 systemd_229.orig.tar.gz 4ec39fc891824efba200f6221c77de3ea70ccdcb 116240 systemd_229-1.debian.tar.xz 72d6f31ef0c33395eb897809288653a77b076e26 84738 libnss-myhostname_229-1_amd64.deb 9090209d9427479de7176db6417aae1ff9b99dce 164886 libnss-mymachines_229-1_amd64.deb ff270d0ea594ef8167385c8a65fc546e243d4aa7 164120 libnss-resolve_229-1_amd64.deb b8c948fcba9ee6448ee217e982dfc3a977952180 166872 libpam-systemd_229-1_amd64.deb e1cec8267546be8ad2d1b10deddfcefcce660028 210494 libsystemd-dev_229-1_amd64.deb 127aaedb3d37c9c0f03c265ec7bb47e2cf2cc9e0 254286 libsystemd0_229-1_amd64.deb 68b05c8690b632f2a88cde430fd076131e916486 70880 libudev-dev_229-1_amd64.deb 912b1235b518a6c7137c8889bd2dc0fb640678ac 47798 libudev1-udeb_229-1_amd64.udeb fb0114820deef9986a8db9f2eb283376bc12024c 103520 libudev1_229-1_amd64.deb a97c10a88eb371901ef340c60fc978730e45c6dc 701356 systemd-container_229-1_amd64.deb 539b0bc4d8ad6771d3f93d4f78b9d7688f06c189 158634 systemd-coredump_229-1_amd64.deb 9e2214c1ab6a7a1d9a06560039988c4d089ec222 30124276 systemd-dbg_229-1_amd64.deb b911bb242d690f5d34ff35196809fc00097642f9 314624 systemd-journal-remote_229-1_amd64.deb 2d04d191b4f47f16754a3dccba7131e0cdf72400 61022 systemd-sysv_229-1_amd64.deb dafde57244614ba7504f54c2f5c9b04ce062161a 3659612 systemd_229-1_amd64.deb dbd2b9184798e78d61dcf98d5f256ee034361878 266686 udev-udeb_229-1_amd64.udeb 6c9b49ac23296715cf2246c8798686d0b0c2b21e 1037672 udev_229-1_amd64.deb Checksums-Sha256: d0d475dfdddfab4947f0e7a7bb0ba031646b204718038b22e7a70533c2bb0756 4073 systemd_229-1.dsc b51b0a48d1beb388d95bd6a98d62be05490335d4bb388aefecdcb576e91e0741 4319173 systemd_229.orig.tar.gz 5bd93acb28c94fc78a08d5072c8ff77b5bbfd78ca0914e9b9def03926f534927 116240 systemd_229-1.debian.tar.xz 4ac5a802cd9199bc4cfbc4e381c6c60bf695e8ee47d2c6e76196df9a5774392d 84738 libnss-myhostname_229-1_amd64.deb 12fe418a1fe6780c52420289e17cf27f1189bf5a6fe984ffa9926d3ce020cd00 164886 libnss-mymachines_229-1_amd64.deb 40ff97eedb5e611b851dca43804fbf1d1d10e2c32c68465dd17a595c989e1d0d 164120 libnss-resolve_229-1_amd64.deb 59a1abbd4eaa05f7ea19e33957152d92d2400789e37b398bed165cb0a108e5d3 166872 libpam-systemd_229-1_amd64.deb 4e8e278e6f442dcf357c0ef0b89b43a6b2c42fd3f1aceed616524abf06a8fd6d 210494 libsystemd-dev_229-1_amd64.deb 00b79477393e0af802ecaa43103c04707e14bddd90c811da7af32d6b9eacf62c 254286 libsystemd0_229-1_amd64.deb 95fc96ccb420c9b633aedf6d5a58f90dc09576bcb2a795390ed2b86bf8176a70 70880 libudev-dev_229-1_amd64.deb 041bad69be3f10f23573159842186fe4569c29d89c0822eaf6c2c57a9d32a6d6 47798 libudev1-udeb_229-1_amd64.udeb 012c95c537adc065f51c2c1b50da20b5b234d4631cf159aeca4d2fe48d9981e1 103520 libudev1_229-1_amd64.deb c0551753fb5f95e618745411b34d44d630b49383c28d333a470472ea275e0576 701356 systemd-container_229-1_amd64.deb cd4007b296feee8f8a9fbcdb7a458246d6d9fe91afa97ab826a09a3e8012e00b 158634 systemd-coredump_229-1_amd64.deb af6f59d2a28c684346e6a26d58c420a947cedda1299498400b13ee4d3679a0d6 30124276 systemd-dbg_229-1_amd64.deb c43de744a083ca59a6b623df7de396c22b5f9a8888cd3810e2fcd8aebd66334b 314624 systemd-journal-remote_229-1_amd64.deb ddd9bfd1037a1a43e4ac09ff99a3584e16209e202063e876a6e2b797ddaf7319 61022 systemd-sysv_229-1_amd64.deb fe94e16672bdacc0d90898e3824d93896776f9f9707960d162b2f9b66dde789c 3659612 systemd_229-1_amd64.deb 50f5a98a31fecdf33ae89a24974baeee71ecbeb0e51903262bc77a5e3a2d78d6 266686 udev-udeb_229-1_amd64.udeb c311a2020163ab3f2b8164cc6d667689c4aa6eb67cc56be9cbfeda3a28af2d2c 1037672 udev_229-1_amd64.deb Files: 9bb0dd7da0869c3ef5f3232b3b8b0809 4073 admin optional systemd_229-1.dsc 5d696f65381b2608da70544df07c2b3c 4319173 admin optional systemd_229.orig.tar.gz cbfb30dff07316833ed60088f2c1dbba 116240 admin optional systemd_229-1.debian.tar.xz 77550bf5883510611d3ee31ff755de80 84738 admin extra libnss-myhostname_229-1_amd64.deb 433c3789e81b82e074839bf93d25fdc9 164886 admin extra libnss-mymachines_229-1_amd64.deb 856daabb3fc1324c5c676e87167051ed 164120 admin extra libnss-resolve_229-1_amd64.deb defa0cfa16617bb826b5207eba42bc85 166872 admin optional libpam-systemd_229-1_amd64.deb ddddf9078c32867a5cda6bf0bca7038f 210494 libdevel optional libsystemd-dev_229-1_amd64.deb 6d7beb3771d772cc662bcf654471f9bf 254286 libs optional libsystemd0_229-1_amd64.deb 2b91c4b717b9b79d083447ed5619f3eb 70880 libdevel optional libudev-dev_229-1_amd64.deb b0a6686d6384fb7058023bd01c1b6b95 47798 debian-installer optional libudev1-udeb_229-1_amd64.udeb e081f6d122e8ceaa6da1761d9595ac57 103520 libs important libudev1_229-1_amd64.deb 9e1a61055fe47017e0595066e37a78e5 701356 admin optional systemd-container_229-1_amd64.deb e22945c45823303a073903aa94ca5499 158634 admin optional systemd-coredump_229-1_amd64.deb edd4760954a8d3232f3f0fd462550ecf 30124276 debug extra systemd-dbg_229-1_amd64.deb 62ad002f574eb41a0ce5b86d961b5486 314624 admin optional systemd-journal-remote_229-1_amd64.deb d378fdf63fe5067734ccd826856e8ede 61022 admin important systemd-sysv_229-1_amd64.deb 3692f600d0ff09d37790fa479e3e743d 3659612 admin important systemd_229-1_amd64.deb 185f0c8ea3ff768db13976cf41180459 266686 debian-installer optional udev-udeb_229-1_amd64.udeb ca7f457c765c7b7cdc8ccefb2b30783b 1037672 admin important udev_229-1_amd64.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWvO/cAAoJENFO8V2v4RNHov8P/3PHZPaS5K9fTcWzWJamX7YN glh6wr154tdy65GFrUIxA8HpmkJyCn2z+BIpZC+YQxjIQEkaHKrxHzvf8pGIi2mC W89tGDrE8zX2Po6+5E+AO1uyUBRPN/gQjfn6ymz5Js4LoBQZT6bnxL7OKF6xgfJi SAzYl0rA0HxOTkOMgnPpFhf1U+P/GYZorVc6e2GJaTmKvKy5bHwLLd2nbLbil6Dm upRTpPY3jHBxxNZFc+MpV7aodS1tTO5+upa1ahTh4/W8L7kTML5FkdMuMsiVMHPj R/2ef7w8G+FvSiHRzhfQBMJctg+A+6mNV0f2xaTOiB5GFkayFxheHiXu1P0FIv4L qRWkLhvjT4evA752OPyy5Gu68JmQnQkgJQDaazZi95tyn46XfqBnLQv8PjNHVUoh yBdItznW9QMN4LDItYPKTVkbdY53E7rhQeDkPgT5/t5psUnMNLVB7asRPDCLeG1j 6n9x1S6cpgnw8SE1iga5cMYWSXfc979aVNKknD0nb4OcEwTYb8f0jKXKRiUsla1U SZ2FIV5lSHR5XyFBfht/zz0USjIojup1oOKaE5r5CMH3rCjB8mZ5or4gPivUECB/ n3SnkcHYtKj/1eaB2bKB85j2S9a6ersPt2fMdswBGq69ih822jOyiXPYvTth7S96 z94Km4GKSodc0AX/2/+f =XJXB -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Pkg-systemd-maintainers mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
