Bug#338404: initramfs-tools: /dev/[tp]ty[a-ep-z][0-9a-f] are created. This wastes time and RAM and does no good.

2005-11-09 Thread Russell Coker
Package: initramfs-tools Version: 0.38 Severity: normal Unix98 pseudo-ttys are the standard feature nowadays and BSD ptys are deprecated. Also there is no possibility of using ptys in an initramfs anyway. So these should not be created. -- System Information: Debian Release: testing/unstable

Bug#338405: initramfs-tools: Duplicate files and inadequate use of busybox.

2005-11-09 Thread Russell Coker
Package: initramfs-tools Version: 0.38 Severity: normal Having cpio break sym-links is undesirable. For the case of shared objects it's probably best to use cp -L to break the links while copying. Currently the initrd is generated with both /bin/busybox and /bin/sh having the same file

Bug#338406: initramfs-tools: Doesn't create /dev/hda* device nodes on LVM system

2005-11-09 Thread Russell Coker
Package: initramfs-tools Version: 0.38 Severity: normal The initramfs generated on a LVM IDE system does not create /dev/hda* device nodes, so vgchange doesn't discover any LVM devices and therefore the machine can't boot. -- System Information: Debian Release: testing/unstable APT prefers

Bug#331522: selinux-policy-default: Install fails with: make: *** No rule to make target `appconfig/default_contexts'

2005-10-03 Thread Russell Coker
On Tuesday 04 October 2005 06:30, Manoj Srivastava [EMAIL PROTECTED] wrote: The reason for this is apparently the difference in the directory layout: the subdir strict is missing. I really think we should put the sources for the policy in /etc/selinux/; using the same dir structure

Bug#233777: can_ypbind is ok

2005-10-09 Thread Russell Coker
Every macros/program file should be included all the time. If I was going to maintain the policy package in its current form for the long-term I would prevent it from deleting the macro files, but hopefully the package will be obsolete soon. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED]

Bug#336138: liblzo1: liblzo.so.1.0.0 is mistakenly listed as requiring an executable stack.

2005-10-27 Thread Russell Coker
Package: liblzo1 Version: 1.08-2 Severity: normal readelf -l /usr/lib/liblzo.so.1.0.0 | grep STACK shows that the shared object is listed as requiring an executable stack. I believe that this is a mistake, probably due to including assembler without specifying the appropriate data to list it as

Bug#336142: python2.3-iconvcodec: The file _iconv_codec.so is marked as requiring an executable stack but doesn't seem to need it.

2005-10-28 Thread Russell Coker
Package: python2.3-iconvcodec Version: 1.1.2-1 Severity: normal Probably as a result of using assembler code without the extra section for labelling this file is marked as needing an executable stack. This means that it does not work correctly on SE Linux and GRSec systems. See

Bug#338862: postgresql-8.1: Should disassociate from controlling tty via setsid() during daemon startup

2005-11-13 Thread Russell Coker
Package: postgresql-8.1 Severity: normal When started from an administrator terminal the postgresql daemon inherits the administrator's terminal as the controlling tty. This means that the daemon if compromised could be used to attack the administrator by injecting terminal input. To prevent

Bug#338862: postgresql-8.1: Should disassociate from controlling tty via setsid() during daemon startup

2005-11-13 Thread Russell Coker
On Monday 14 November 2005 04:19, Martin Pitt [EMAIL PROTECTED] wrote: Thanks for your report. I see that keeping tty descriptors open is a problem. However, how can I check this? I started a cluster from the command line ('pg_ctlcluster 8.1 main start') and used 'lsof' to get the open fds,

Bug#372712: not just daily updates?

2006-12-08 Thread Russell Coker
I suspect that part of the problem is the large number of updates. Have there been any tests on having daily and weekly updates? If I have not updated for 13 days then there is going to be a complete calendar week in that time period, so the download would be one weekly pdiff and 6 daily

Bug#402499: initramfs-tools: depmod wastes space and time, please replace it with a modules.dep file

2006-12-11 Thread Russell Coker
On Monday 11 December 2006 20:57, maximilian attems [EMAIL PROTECTED] wrote: The major issue is that the depmod program is simply larger than a full modules.dep file when compressed. Given that most sane configurations will not have the complete set of kernel modules (I use modules=list

Bug#387710: planet: Should do multiple downloads concurrently

2006-09-16 Thread Russell Coker
Package: planet Version: 2.0-3 Severity: normal In a typical planet configuration many blogs will be aggregated, some of which will be on slow links. The current code appears to download each XML file in turn, which results in a very slow process. Planet should download multiple blog XML files

Bug#387713: planet: Bad crontab file if interval 60

2006-09-16 Thread Russell Coker
Package: planet Version: 2.0-3 Severity: normal If the interval is 60 then the first field is '*' which means that the cron job is run every minute for the selected hours. It should be 0 for the first field. -- System Information: Debian Release: testing/unstable APT prefers unstable APT

Bug#396169: linux-image-2.6.18-1-xen-686: Does not support PC serial ports

2006-10-30 Thread Russell Coker
Package: linux-image-2.6.18-1-xen-686 Severity: important It seems that one serial port is supported for a console, but the other serial port (two ports was a standard feature in PCs until very recently) is not supported in any way. If you want to use a modem, UPS, or other device that connects

Bug#390648: FTBFS: will not create hard link

2006-10-02 Thread Russell Coker
Is this package even useful anymore? I hear rumours that it's being obsoleted... Correct. Please file no more bugs against it as it will either totally disappear or be replaced by a package with almost no code in common with it.

Bug#390648: FTBFS: will not create hard link

2006-10-02 Thread Russell Coker
On Monday 02 October 2006 23:06, Steinar H. Gunderson [EMAIL PROTECTED] wrote: Shouldn't a bug be filed against ftp.debian.org asking for its removal, then? Yes, but let's get the replacement finished first.

Bug#338405: another patch for busybox support

2006-12-01 Thread Russell Coker
The following will significantly reduce the size of an initramfs when busybox is used while also enabling all busybox commands (handy if you have an option to run a shell from the initramfs for recovery). In spite of what maks thinks, the busybox option is still there, so it should be made to

Bug#401369: policycoreutils: audit2allow line 135 should refer to debian package

2006-12-02 Thread Russell Coker
Package: policycoreutils Version: 1.32-1 Severity: normal The audit2allow program recommends installing the checkpolicy rpm package if checkpolicy is not available. This confuses Debian people who then have to determine the correct Debian package to install. It should be changed to mention the

Bug#401673: udev: hotplug not enabled in default install

2006-12-05 Thread Russell Coker
Package: udev Version: 0.103-1 Severity: normal kernel.hotplug=/sbin/udevsend I have to add the above to /etc/sysctl.conf to get Xen to work. I believe that it should be in the default configuration.

Bug#401695: udev: patch to fix SE Linux support

2006-12-05 Thread Russell Coker
Package: udev Version: 0.100-2.2 Severity: normal Tags: patch The below patch has two parts. The first part fixes a minor bug in that get_media() should not be called with devname==NULL. The second is more serious, the current code will label the target of a sym-link rather than the link

Bug#243941: How to help with neglected packages

2006-01-19 Thread Russell Coker
On Friday 20 January 2006 01:17, Amaya [EMAIL PROTECTED] wrote: Marcus Better wrote: I am not a DD. Should I ask someone to do an NMU on these packages? I have not yet carefully looked at your patches, but I would be happy to do so, and upload and so on... But finding a long term Maintainer

Bug#243941: How to help with neglected packages

2006-01-19 Thread Russell Coker
On Friday 20 January 2006 11:44, Amaya [EMAIL PROTECTED] wrote: Russell Coker wrote: I don't have the time that this package needs (as is probably obvious). I welcome a package takeover by someone such as Amaya. Hi there, Russell. While I am not interested in maintaining it, I

Bug#501743: java-gcj-compat-headless: Fails to run the Amazon EC2 API Tools

2008-10-09 Thread Russell Coker
Package: java-gcj-compat-headless Version: 1.0.78-2 Severity: normal Below are the errors that I get when running a simple ec2-describe-images command from the EC2 API Tools. I can supply a Debian package of the EC2 API Tools for private testing, but it's not free so I can't publish it.

Bug#501744: liballegro4.2: The assembler code causes execmod access to be required

2008-10-09 Thread Russell Coker
Package: liballegro4.2 Version: 2:4.2.2-2 Severity: normal http://etbe.coker.com.au/2008/09/11/execmod-and-se-linux-i386-must-die/ The above URL has some background information on the execmod issue. The assembler code in liballegro4.2 causes execmod to be needed because it apparently uses

Bug#501829: kball: editor should be more user-friendly

2008-10-10 Thread Russell Coker
Package: kball Version: 0.0.20041216-5 Severity: normal When you are in the editor, if you press L to load a file it will immediately inform you that it will replace the current level and ask for confirmation. This is annoying when you have just entered the editor or have just saved the level. It

Bug#501844: kball: should accept both ENTER keys

2008-10-10 Thread Russell Coker
Package: kball Version: 0.0.20041216-5 Severity: normal The ENTER key on the numeric keypad doesn't work with this game.

Bug#502372: kgoldrunner: Should support sharing games

2008-10-15 Thread Russell Coker
Package: kgoldrunner Version: 4:3.5.10-1 Severity: normal Kgoldrunner stores its levels under ~/.kde/share/apps/kgoldrunner. The process of copying files from there to export is not obvious to non-technical users (the vast majority of people who want to play the game). It should be possible to

Bug#502659: iputils-ping: should display the time since last response when there is no response

2008-10-18 Thread Russell Coker
Package: iputils-ping Version: 3:20071127-1 A common use of ping is to ping a host while there is a network outage so that it will be noticed when the problem is resolved. When doing that it would be good if it could display something like the following: 1 minute since the last response 2

Bug#499719: mls policy is known to be broken

2008-10-20 Thread Russell Coker
It seems unlikely that I will get MLS even remotely usable before Lenny.

Bug#476222: already fixed

2008-10-20 Thread Russell Coker
close 476222 thanks selinux-policy-refpolicy-targeted is obsolete and selinux-policy-default has the Amavis/Clamav policy working in a different way (it all runs as clamd_t). So this one is already fixed.

Bug#501647: more info needed

2008-10-20 Thread Russell Coker
What does ls -lZ /usr/sbin/gdm report? I expect that it has the wrong type. Try running: selinux-policy-update ; restorecon -R -v /usr/sbin

Bug#502270: can't reproduce

2008-10-20 Thread Russell Coker
Sorry, I can't reproduce this. Please give me the exact configuration directives for the postfix main.cf needed to trigger it and a diff from the version that doesn't.

Bug#498965: Unable to reproduce

2008-10-20 Thread Russell Coker
I can't reproduce this. Do you have the dbus module loaded? Run semodule -l|grep dbus. What AVC messages do you get when you fail to start hal?

Bug#503042: ntpq doesn't display a useful error message if it can't find localhost

2008-10-21 Thread Russell Coker
Package: ntp Version: 1:4.2.4p4+dfsg-7 Severity: normal # ntpq Name or service not known ntpq Above is the result of running ntpq on a system with no entry in /etc/hosts for localhost. It would be good if this could be changed to name localhost not known which makes it more immediately obvious

Bug#503044: xen-utils-common: should make the loopback device default to supporting more nodes

2008-10-21 Thread Russell Coker
Package: xen-utils-common Version: 3.2.0-2 Severity: normal When file: sources are used for Xen block devices the Xen system will use a loopback device for each one. It's quite common for DomUs to be configured with two block devices (one for storage and one for swap) and not uncommon to have a

Bug#503046: xen-utils-3.2-1: inadequate error handling for the case of a failure to use a loopback device

2008-10-21 Thread Russell Coker
Package: xen-utils-3.2-1 Version: 3.2.1-2 Severity: normal When a DomU is defined as using a file: device the loopback driver will be used to make it appear to be a regular block device. The loopback driver will by default only support 8 nodes so this is a limited resource.

Bug#496459: doxygen: SEGV when it runs out of disk space

2008-08-24 Thread Russell Coker
Package: doxygen Version: 1.5.6-2 Severity: normal The below output from doxygen is from building the ffmpeg package on a machine with limited disk space. The doxygen program should give an error message about a lack of disk space not SEGV. Preprocessing

Bug#496967: similar problems on my EeePC

2008-09-01 Thread Russell Coker
When booting kernel 2.6.25-7 on my EeePC 701 about 50% of the time the machine will hang at the setting clock stage. This sounds similar to the problem described here and in #479709. Also when I try to boot kernel 2.6.26-3 the machine will abruptly power-down shortly after I enter the

Bug#500504: randomsound: The restart option doesn't work due to the lack of a pid file.

2008-09-28 Thread Russell Coker
Package: randomsound Version: 0.2-2 Severity: important Randomsound doesn't create a pid file. The restart and force-reload targets in the init.d script look for one and therefore don't work as desired. Every time you run /etc/init.d/randomsound restart an extra copy of the daemon is launched

Bug#500509: alsa-utils: /usr/share/alsa/alsa.conf should be moved to /etc

2008-09-28 Thread Russell Coker
Package: alsa-utils Version: 1.0.16-2 Severity: normal Config files belong under /etc not under /usr.

Bug#500509: [Pkg-alsa-devel] Bug#500509: alsa-utils: /usr/share/alsa/alsa.conf should be moved to /etc

2008-09-29 Thread Russell Coker
On Tuesday 30 September 2008 04:15, Elimar Riesebieter [EMAIL PROTECTED] wrote: Package: alsa-utils Version: 1.0.16-2 Severity: normal Config files belong under /etc not under /usr. To be honest: Which config files do you mean? /usr/share/alsa/alsa.conf

Bug#500965: lists.debian.org: Should remove DKIM and DomainKey headers

2008-10-02 Thread Russell Coker
Package: lists.debian.org Severity: normal Gmail sends out all mail signed with DKIM and DomainKeys, the DKIM signatures do not include a length field so any change to the message length (such as appending a list footer) will break the signature. To deal with this problem the default

Bug#500966: lists.debian.org: should sign outbound mail with DKIM

2008-10-02 Thread Russell Coker
Package: lists.debian.org Severity: normal To prevent forgeries of mail from the lists.debian.org server I believe that we should have DKIM installed to sign all outbound mail. It really is not difficult to do in Lenny, and it shouldn't be difficult to back-port the relevant packages to Etch if

Bug#500967: dkim-filter: Should allow configuring DKIM on a per-recipient basis

2008-10-02 Thread Russell Coker
Package: dkim-filter Version: 2.6.0.dfsg-1 Severity: important I tag this bug as important because some people are prevented from using DKIM due to the configuration of some list servers that are important to them (such as lists.debian.org). The DKIM milter should support the use of the length

Bug#500966: lists.debian.org: should sign outbound mail with DKIM

2008-10-03 Thread Russell Coker
On Friday 03 October 2008 18:32, Thomas Viehmann [EMAIL PROTECTED] wrote: To prevent forgeries of mail from the lists.debian.org server I believe that we should have DKIM installed to sign all outbound mail. It really is not difficult to do in Lenny, and it shouldn't be difficult to

Bug#500965: lists.debian.org: Should remove DKIM and DomainKey headers

2008-10-03 Thread Russell Coker
On Friday 03 October 2008 19:02, Thomas Viehmann [EMAIL PROTECTED] wrote: Of course, even more preferable would be if people designing standards would not expect users to change the ways they sign messages (l=) based on whether it's going to be sent to a list or not as the only way to

Bug#500966: lists.debian.org: should sign outbound mail with DKIM

2008-10-03 Thread Russell Coker
On Friday 03 October 2008 22:06, Thomas Viehmann [EMAIL PROTECTED] wrote: Yeah, and the messages don't originate at lists.debian.org, they are merely forwarded. The little I read (in the discussion of the l= length field) seems to indicate that the designers of DKIM agree that forwarders

Bug#501643: openjdk-6: SSL doesn't work, maybe due to a lack of trusted root certificates

2008-10-09 Thread Russell Coker
Package: openjdk-6 Version: 6b11-6 Severity: normal I get the below errors when trying to run the Amazon EC2 API tools (which are non-free - I can give you a package of them for your own test purposes if that will help but I can't publish them). A Java expert has suggested that it might be

Bug#492420: postfix-policyd-spf-perl: should not suggest running daemons as nobody

2008-07-25 Thread Russell Coker
Package: postfix-policyd-spf-perl Version: 2.005-2 Severity: normal Having a daemon or server process run as nobody is a bad idea because if more than one daemon or server does it then one compromised daemon could attack others. Please make the postinst create an account named postfix-policy or

Bug#492421: man page should not suggest running perl /usr/sbin/postfix-policyd-spf-perl

2008-07-25 Thread Russell Coker
Package: postfix-policyd-spf-perl Version: 2.005-2 Severity: normal If the daemon is launched as perl /usr/sbin/postfix-policyd-spf-perl then some versions of Postfix will report errors as occurring in perl rather than in /usr/sbin/postfix-policyd-spf-perl. If you have more than one Postfix

Bug#492422: postfix-policyd-spf-perl: should use example.com and similar domain names in examples

2008-07-25 Thread Russell Coker
Package: postfix-policyd-spf-perl Version: 2.005-2 Severity: normal http://www.rfc.net/rfc2606.txt RFC 2606 describes the use of example.com and similar domains. Instead of using some.domain.tld in the man page it should use official example domains. The example in the man pages uses three

Bug#492422: postfix-policyd-spf-perl: should use example.com and similar domain names in examples

2008-07-25 Thread Russell Coker
On Saturday 26 July 2008 10:26, Scott Kitterman [EMAIL PROTECTED] wrote: The example in the man pages uses three domains, they could be replaced with example.com, example.net, and example.org to give a result that will never cause unexpected results if used on the net and which I believe

Bug#492449: postfix-doc: Should use example.com and similar example domain names

2008-07-26 Thread Russell Coker
Package: postfix-doc Version: 2.5.2-2 Severity: normal The file /usr/share/doc/postfix/SMTPD_POLICY_README.gz has example domains bar.tld and another.domain.tld. http://www.rfc.net/rfc2606.txt As recommended in the BCP document RFC2606 the best names for such examples are example.com,

Bug#441356: SPF and Lenny

2008-07-26 Thread Russell Coker
Below are some SPF entries that appear in full in the output of logwatch 7.3.6.cvs20080702-1 (in the unmatched entries section). I'm running postfix-policyd-spf-perl version 2.005-2 (from Lenny). Jul 26 08:04:46 etbe postfix/policy-spf[23512]: : SPF pass: smtp_comment=Please see

Bug#492581: linux-image-2.6.25-2-686: Does not halt an EeePC 701

2008-07-27 Thread Russell Coker
Package: linux-image-2.6.25-2-686 Version: 2.6.25-7 Severity: normal I'm running this kernel on my EeePC 701. When I tell the system to halt it shuts down almost everything (the screen goes off) and then hangs. It leaves one LED on and produces some heat as the only indications that it's not

Bug#430495: same bug as #426224

2008-07-31 Thread Russell Coker
close 430495 merge 426224 430495 thanks Need to merge all bugs for this for everyone's convenience

Bug#344471: lack of further data

2008-07-31 Thread Russell Coker
close 344471 thanks Due to lack of further data I think that this one should be closed. The source to all parts of this issue has been changed in the mean-time so the old bug report doesn't seem relevant.

Bug#493171: rsyslog: /dev/xconsole is not labelled for SE Linux

2008-07-31 Thread Russell Coker
Package: rsyslog Version: 3.16.2-1 Severity: normal In Lenny /etc/init.d/sysklogd has the following in its create_xconsole() function: test ! -x /sbin/restorecon || /sbin/restorecon /dev/xconsole That gives the correct labelling of the pipe on SE Linux systems (and causes no inconvenience for

Bug#493181: login: When PAM version 1.0.1-1 is accepted the parameters for pam_selinux.so change

2008-07-31 Thread Russell Coker
Package: login Version: 1:4.1.1-3 Severity: normal # session required pam_selinux.so multiple The above line is currently in /etc/pam.d/selinux. When the newer PAM packages go in we need to get the multiple changed to select_context (or possibly removed entirely). PAM 1.0.1 is currently in

Bug#493183: kgoldrunner: takes excessive CPU time

2008-07-31 Thread Russell Coker
Package: kgoldrunner Version: 4:3.5.9-2 Severity: normal When the number of wraiths is increased the amount of CPU time taken for the game increases dramatically. On a P4-1.5GHz with 15 wraiths about 50% of the machine's CPU time is used. With 20 wraiths about 80% is used, and with 30 100% CPU

Bug#493181: lenny

2008-08-01 Thread Russell Coker
I've just been told that PAM version 1.0.1-1 is going in Lenny. I would appreciate it if you could propose a package fixing this bug as a candidate for Lenny.

Bug#493316: audit2why.so: undefined symbol: Py_InitModule4

2008-08-01 Thread Russell Coker
Package: python-selinux Version: 2.0.65-2 Severity: normal The audit2why program from policycoreutils version 2.0.49-5 fails in the following manner, I don't know why. # audit2why /dev/null Traceback (most recent call last): File /usr/bin/audit2allow, line 348, in module app.main() File

Bug#492638: the impact of this bug

2008-08-02 Thread Russell Coker
[ 31.780286] warning: `ntpd' uses 32-bit capabilities (legacy support in use) Changing the build-depends alone with no other changes avoids the above kernel warning message from kernel 2.6.25 (the Lenny kernel). Could you please fix this ASAP and apply to have the fix included in Lenny.

Bug#493524: xdm: SE Linux patch was written for old version

2008-08-02 Thread Russell Coker
to latest SE Linux code by Russell Coker 3rd Aug 2008 diff -ru xdm-1.1.8-prese/configure.ac xdm-1.1.8/configure.ac --- xdm-1.1.8-prese/configure.ac2008-05-22 04:24:55.0 +1000 +++ xdm-1.1.8/configure.ac 2008-08-03 07:37:02.0 +1000 @@ -116,6 +116,23

Bug#339862: what's the alternative?

2008-08-03 Thread Russell Coker
The reason for putting SE Linux in permissive mode is that if the filesystem is corrupted then the wrong labels may be on files and that may prevent recovery operations. The alternative to automatically doing it is for the sys-admin to do so manually if the need arises. I find it difficult to

Bug#493678: libtheora0: Code not built with -fpic or -fPIC

2008-08-03 Thread Russell Coker
Package: libtheora0 Version: 1.0~beta3-1 Severity: important http://etbe.coker.com.au/2007/02/10/execmod/ The above URL has background information on the execmod denial from SE Linux. The following command shows that some parts of the library have not been compiled with -fpic or -fPIC, I believe

Bug#493679: initscripts: need to have SE Linux context set on /lib/init/rw

2008-08-04 Thread Russell Coker
Package: initscripts Version: 2.86.ds1-60 Severity: normal After /lib/init/rw is mounted the root directory needs to have its context set. This can be done by /etc/init.d/mountkernfs.sh after calling domount(), or can be done in the domount() function in /lib/init/mount-functions.sh. For my

Bug#493679: correction

2008-08-04 Thread Russell Coker
I meant to say root directory of the filesystem in question. While /lib/init/rw is the main issue at the moment, as a general rule it doesn't do any harm to have an extra call to restorecon, so doing it for all tmpfs filesystems is best.

Bug#493678: patch from Fedora

2008-08-04 Thread Russell Coker
The following patch (from Fedora rawhide) fixes this issue. diff -ru libtheora-1.0~beta3.bak/lib/enc/x86_32/dct_decode_mmx.c libtheora-1.0~beta3/lib/enc/x86_32/dct_decode_mmx.c --- libtheora-1.0~beta3.bak/lib/enc/x86_32/dct_decode_mmx.c 2008-08-04 15:30:57.0 +1000 +++

Bug#493705: libswscale0: The library has text relocations

2008-08-04 Thread Russell Coker
Package: libswscale0 Version: 0.svn20080206-8 Severity: normal http://etbe.coker.com.au/2007/02/10/execmod/ The above URL has background information on the execmod denial from SE Linux. The following command shows that some parts of the library have not been compiled with -fpic or -fPIC - in

Bug#493678: patch from Fedora

2008-08-04 Thread Russell Coker
On Monday 04 August 2008 20:52, Ivo Emanuel Gonçalves [EMAIL PROTECTED] wrote: We are aware of SELinux problems in the assembly code and we have made some recent changes to address it.  As such your patch may not be needed in fact.  Please confirm this by getting the latest version from SVN

Bug#493705: libswscale0: The library has text relocations

2008-08-04 Thread Russell Coker
On Monday 04 August 2008 20:59, Loïc Minier [EMAIL PROTECTED] wrote: On Mon, Aug 04, 2008, Russell Coker wrote: http://etbe.coker.com.au/2007/02/10/execmod/ The above URL has background information on the execmod denial from SE Linux. If you want to file bugs about binaries not using

Bug#493705: libswscale0: The library has text relocations

2008-08-04 Thread Russell Coker
On Monday 04 August 2008 22:34, Reinhard Tartler [EMAIL PROTECTED] wrote: Russell Coker [EMAIL PROTECTED] writes: The following patch fixes this. Are you sure that this is the only occurrence of text relocations? TBH, I doubt that. I built the package with the patch in question and the text

Bug#493705: libswscale0: The library has text relocations

2008-08-04 Thread Russell Coker
On Monday 04 August 2008 22:59, Loïc Minier [EMAIL PROTECTED] wrote: The references you provide seem to indicate that the exception is for the case where faster assembly is not available. IE you have a choice between fast assembly and a slower compiled language. While if the difference

Bug#474956: please send a new patch

2008-08-04 Thread Russell Coker
Please send a unified diff format patch or a copy of the entire .c file that you now believe to be the best version. -- [EMAIL PROTECTED] http://etbe.coker.com.au/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development

Bug#491905: Please split the /etc/init.d/udev file as done in Fedora

2008-08-05 Thread Russell Coker
On Tuesday 05 August 2008 08:18, Marco d'Itri [EMAIL PROTECTED] wrote: My proposal is to factor out the function which calls mknod, but keep the parts which mount /dev etc as is. That proposal satisfies most of my requirements and will be quite adequate for Lenny. Please make such a change at

Bug#493831: need more information

2008-08-05 Thread Russell Coker
Please send me the output of the following commands on the system in question: dpkg -S /usr/share/selinux/default/dpkg.pp dpkg -l selinux-policy-default Are you trying to upgrade from a previous version? If so what version?

Bug#491905: Please split the /etc/init.d/udev file as done in Fedora

2008-08-06 Thread Russell Coker
On Wednesday 06 August 2008 22:03, Marco d'Itri [EMAIL PROTECTED] wrote: I am moving make_extra_nodes() to /lib/udev/create_extra_nodes. Can /sbin/restorecon /dev/$name be called by this script (which will be used by *both* the init script and postinst) or does it need to be run by the init

Bug#445595: Let's fix this for Lenny

2008-08-10 Thread Russell Coker
This is a two line patch that makes no actual code changes (it just changes the labelling of the shared object header). The result of this change is the same as running execstack -c on the shared object. This patch improves system security. Without it any program that links to that shared

Bug#494631: libopenspc: Need description of why the lintian override is needed

2008-08-10 Thread Russell Coker
Package: libopenspc Version: 0.3.99a-2 Severity: normal Assembler code does not inherently require an executable stack. The majority of assembler code doesn't require it at all, the build system defaults to marking shared objects containing assembler as needing an executable stack for

Bug#490545: gnupg-agent: should not permit ptrace

2008-08-10 Thread Russell Coker
On Monday 11 August 2008 14:08, Eric Dorland [EMAIL PROTECTED] wrote: It is possible to ptrace (strace or gdb) the gpg-agent program. This means that if an attacker compromises any process running on behalf of a user (an MUA or a web browser) then they can ptrace gpg-agent and wait for the

Bug#493524: xdm: SE Linux patch was written for old version

2008-08-11 Thread Russell Coker
On Monday 11 August 2008 21:26, Julien Cristau [EMAIL PROTECTED] wrote: Looks like seuser and level are never freed. Am I missing something? Looking at selinux/selinux.h, we read: /* Get the SELinux username and level to use for a given Linux username. These values may then be passed

Bug#493181: login: When PAM version 1.0.1-1 is accepted the parameters for pam_selinux.so change

2008-08-15 Thread Russell Coker
On Saturday 16 August 2008 02:11, Nicolas François [EMAIL PROTECTED] wrote: On Fri, Aug 01, 2008 at 12:57:13PM +1000, [EMAIL PROTECTED] wrote: # session required pam_selinux.so multiple The above line is currently in /etc/pam.d/selinux. When the newer PAM packages go in we need to get the

Bug#435662: Russell Coker: SE Linux Policy Packaging for a Distribution

2008-08-19 Thread Russell Coker
On Wednesday 20 August 2008 05:48, Luca Capello [EMAIL PROTECTED] wrote: I suspect that most Debian systems have all the video driver packages installed (along with drivers for wacom tablets and other hardware devices that might be used) as that appears to be the default. A bug in

Bug#493524: Can this be fixed for Lenny?

2008-08-19 Thread Russell Coker
What is the status of this? Is it going to be fixed in time for Lenny? Thanks for your work in fixing the patch.

Bug#495786: what modules are installed?

2008-09-14 Thread Russell Coker
Please run semodule -l after the installation and give me a list of the modules.

Bug#499218: selinux-policy-default: Postfix (and probably all MTAs other than Sendmail) can't write to /var/spool/mail

2008-09-16 Thread Russell Coker
Package: selinux-policy-default Version: 2:0.0.20080702-9 Severity: important type=AVC msg=audit(1221605756.703:318785): avc: denied { append } for pid=9244 comm=local name=root dev=hda ino=65548 scontext=unconfined_u:system_r:postfix_local_t:s0-s0:c0.c1023

Bug#499266: dhcp3-server: selinux problem - need to run restorecon from the postinst

2008-09-17 Thread Russell Coker
Package: dhcp3-server Version: 3.1.1-3 Severity: important if [ ! -e /var/lib/dhcp3/dhcpd.leases ]; then After the if section in the postinst which starts with the above line you need to have a line of shell code like the following: [ -x /sbin/restorecon ] && /sbin/restorecon

Bug#499267: debian-installer: Please add a prompt for an extra APT repository early in the install

2008-09-17 Thread Russell Coker
Package: debian-installer Severity: normal I would like to add my own apt repositories early in the installation. So when my repositories have newer versions of packages they will be installed directly and I don't have to upgrade later.

Bug#499285: debian-installer: A reinstall of a machine that used LVM over software RAID had partitioning problems

2008-09-17 Thread Russell Coker
Package: debian-installer Version: daily build 16th Sep Severity: normal I have a machine that had been used in a Linux Software RAID-1 configuration with LVM running on top of the RAID. The Debian Installer recognised the LVM devices which in most cases is a good thing. But having LVM enabled

Bug#499363: dkim-filter: Should default to having a directory such as /etc/dkim for configuration files

2008-09-18 Thread Russell Coker
Package: dkim-filter Version: 2.6.0.dfsg-1 Severity: normal Given the fact that the configuration files are relevant to the overall security of the system, I think it would be best to have a separate directory for all configuration files to reduce the risk of sensitive data leaking. Also if

Bug#499364: dkim-filter: Should allow specifying the owner and group of the socket file

2008-09-18 Thread Russell Coker
Package: dkim-filter Version: 2.6.0.dfsg-1 Severity: normal I have edited /etc/init.d/dkim-filter on my system to have the following immediately after the start-stop-daemon --start line: if [ "$s" != "" ]; then chgrp postfix $s; fi This allows postfix to connect to the Unix domain socket.

Bug#499461: sysstat: needlessly fills logs

2008-09-18 Thread Russell Coker
Package: sysstat Version: 8.1.2-2 Severity: normal [ -x /usr/lib/sysstat/sa1 ] && { [ -r "$DEFAULT" ] && . "$DEFAULT" ; [ "$ENABLED" = "true" ] && exec /usr/lib/sysstat/sa1 $SA1_OPTIONS 1 1 ; } The above is one of the cron entries for sysstat. Please make this something simpler that will consume less space

Bug#498539: still broken

2008-09-19 Thread Russell Coker
With setools (3.3.5.ds-3), apol still fails: # apol Initializing libqpol... done. Initializing libapol... done. Initializing libsefs... done. Initializing libapol_tcl... done. Initializing Tk... The SETools libraries could not be found in one of these subdirectories: y/usr/share/tcltk/tcl8.4

Bug#498539: still broken

2008-09-19 Thread Russell Coker
Actually it does work. It's strange it gives that error when I run without $DISPLAY being set... On Friday 19 September 2008 19:36, Russell Coker [EMAIL PROTECTED] wrote: With setools (3.3.5.ds-3), apol still fails: # apol Initializing libqpol... done. Initializing libapol... done

Bug#373152: randomness only works for small servers

2008-09-19 Thread Russell Coker
If you have many virtual servers and if the cron jobs can run for any moderate length of time then you have problems which will not be solved so easily. My current hack for one virtual server I run is to have the daily cron jobs run 30 minutes apart (as some DomUs have jobs which run for

Bug#193644: isn't this supposed to be closed?

2008-09-19 Thread Russell Coker
Now that cron is built with SE Linux support by default, shouldn't this one be closed?

Bug#499518: cron: Patch to support SE Linux functionality in Lenny, the current code is not functional

2008-09-19 Thread Russell Coker
Package: cron Version: 3.0pl1-104 Severity: important The following patch is needed to support the SE Linux code in Lenny. Without this cron jobs will run in the wrong context in most situations. As the changes are all in the SE Linux specific code path (which is not called on systems with SE

Bug#472938: patch to fix this

2008-09-19 Thread Russell Coker
Here is a patch to fix this bug. I've also included a patch to quiet a spurious warning about FILE *mail. I think it would be good if this could be included for Lenny. diff -ru /tmp/cron-3.0pl1/do_command.c /home/rjc/cron-3.0pl1/do_command.c --- /tmp/cron-3.0pl1/do_command.c 2008-09-19

Bug#499518: cron: Patch to support SE Linux functionality in Lenny, the current code is not functional

2008-09-19 Thread Russell Coker
On Saturday 20 September 2008 02:37, Javier Fernández-Sanguino Peña [EMAIL PROTECTED] wrote: As the changes are all in the SE Linux specific code path (which is not called on systems with SE Linux disabled) I expect that the release team will be happy to exclude this from the freeze. I
