Bug#889608: man-db: man(1) dumps core (AppArmor involved)

2018-02-05 Thread Colin Watson
On Mon, Feb 05, 2018 at 08:20:54AM +0100, intrigeri wrote:
> intrigeri:
> > A) drop the child profiles (groff, filter), merge their rules into the
> >    main /usr/bin/man profile, and use ix instead of Cx; these rules
> >    are not particularly scary so this doesn't seem crazy an option
>
> I

Bug#889608: man-db: man(1) dumps core (AppArmor involved)

2018-02-04 Thread intrigeri
Control: tag -1 + patch
intrigeri:
>> B) remove the AppArmor profile entirely and rely on seccomp instead
>> C) don't enable "no new privs" and rely on AppArmor instead
> I think B is fine given all the non-AppArmor hardening efforts Colin
> has been putting into man-db recently.
There we go:

Bug#889608: man-db: man(1) dumps core (AppArmor involved)

2018-02-04 Thread intrigeri
intrigeri:
> A) drop the child profiles (groff, filter), merge their rules into the
>    main /usr/bin/man profile, and use ix instead of Cx; these rules
>    are not particularly scary so this doesn't seem crazy an option
I had a closer look and what's scary is not the rules that can be found in

Bug#889608: man-db: man(1) dumps core (AppArmor involved)

2018-02-04 Thread intrigeri
Hi,
gregor herrmann:
> drop_effective_privs()
> ++priv_drop_count = 1
> man: command exited with status 4: /usr/lib/man-db/zsoelim |
> /usr/lib/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e
> UTF-8 | tbl
> | nroff -mandoc -rLL=146n -rLT=146n -Tutf8
> hashtable_free: 9 entries,

Bug#889608: man-db: man(1) dumps core (AppArmor involved)

2018-02-04 Thread gregor herrmann
On Sun, 04 Feb 2018 23:32:38 +, Colin Watson wrote:
> On Sun, Feb 04, 2018 at 11:42:57PM +0100, gregor herrmann wrote:
> > Since the upgrade to 2.8.0-1, man(1) is not really cooperative:
> Does MAN_DISABLE_SECCOMP=1 help?
Yes, `MAN_DISABLE_SECCOMP=1 man man' just works.
> I may have made

Bug#889608: man-db: man(1) dumps core (AppArmor involved)

2018-02-04 Thread Colin Watson
Control: severity -1 grave
On Sun, Feb 04, 2018 at 11:42:57PM +0100, gregor herrmann wrote:
> Since the upgrade to 2.8.0-1, man(1) is not really cooperative:
Does MAN_DISABLE_SECCOMP=1 help?
I may have made the mistake of only trying this with the kernel in Ubuntu 16.04, which I suspect is

Bug#889608: man-db: man(1) dumps core (AppArmor involved)

2018-02-04 Thread gregor herrmann
Package: man-db
Version: 2.8.0-1
Severity: important
Since the upgrade to 2.8.0-1, man(1) is not really cooperative:
%man man
output in pager:
man: /usr/lib/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE: Bad system call (core dumped)
%