Hi,
intrigeri:
> Dmitry Smirnov:
>>> If one of you feels responsible for maintaining this package but
>>> temporarily lacks time, I (or one of the attendees to one of the many
>>> upcoming BSPs) will gladly fix this with a NMU.
>> Please, please. That would be really nice if you could. Thanks.
Done (0.10.10-0.2). This was my first attempt at using dgit to NMU so
let's hope I did not bork it.
I'm attaching the 3 commits I did on top of 0.10.10-0.1.
Cheers,
--
intrigeri
>From 6c9e84a021b24d98314e44c1063712596752e1aa Mon Sep 17 00:00:00 2001
From: intrigeri
Date: Fri, 19 Jul 2019 14:49:19 +
Subject: [PATCH 1/3] Disable secctx in the default cachefilesd.conf (Closes:
#909523).
This configuration line assumes that:
- either there is no active LSM, which is wrong on Buster
where AppArmor is enabled by default;
- or SELinux is the active LSM, which is a rare configuration on Debian.
When this assumption is wrong, i.e. in most cases on current Debian
Buster/testing/sid, cachefilesd fails to start if this configuration
line is enabled.
---
cachefilesd.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cachefilesd.conf b/cachefilesd.conf
index 6905281..bf14950 100644
--- a/cachefilesd.conf
+++ b/cachefilesd.conf
@@ -21,4 +21,4 @@ fstop 3%
# Assuming you're using SELinux with the default security policy included in
# this package
-secctx system_u:system_r:cachefiles_kernel_t:s0
+# secctx system_u:system_r:cachefiles_kernel_t:s0
--
2.22.0
>From a5b3654d8f7fbdf81293be906f4f8603a59bad99 Mon Sep 17 00:00:00 2001
From: intrigeri
Date: Fri, 19 Jul 2019 14:54:11 +
Subject: [PATCH 2/3] README.Debian: document how to set the correct security
context under SELinux.
---
debian/README.Debian | 7 +++
1 file changed, 7 insertions(+)
create mode 100644 debian/README.Debian
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 000..4658b2b
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,7 @@
+SELinux
+===
+
+When the SELinux LSM is active, in order to set the correct security
+context for cachefilesd, uncomment the "secctx" line in
+/etc/cachefilesd.conf.
+
--
2.22.0
>From 044f44ed267e084cc24103a662456b0c7199ee09 Mon Sep 17 00:00:00 2001
From: intrigeri
Date: Fri, 19 Jul 2019 14:55:38 +
Subject: [PATCH 3/3] cachefilesd (0.10.10-0.2)
Git-Dch: Ignore
---
debian/changelog | 9 +
1 file changed, 9 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 1ec7b2f..74c5188 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+cachefilesd (0.10.10-0.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Disable secctx in the default cachefilesd.conf (Closes: #909523).
+Accordingly, document in README.Debian how to set the correct security
+context under SELinux.
+
+ -- intrigeri Fri, 19 Jul 2019 14:55:33 +
+
cachefilesd (0.10.10-0.1) unstable; urgency=medium
* Non-maintainer upload.
--
2.22.0