Thank you very much for looking into this!
Does the following information help to make head or tail of this?
Otherwise, I will provide better instruction for reproduction.
László Böszörményi (GCS):
> How did you create that Buster chroot?
#!/bin/bash
set -x
set -e
img=/home/user/test.img
Package: fuse
Severity: grave
X-Debbugs-CC: whonix-de...@whonix.org
Dear maintainer,
The following code from /var/lib/dpkg/info/fuse.postinst is failing.
if [ -e /dev/fuse ]
then
udevadm test --action -p $(udevadm info -q path -n /dev/fuse) > /dev/null 2>&1
fi
+ [ -e /dev/fuse ]
+
Package: enigmail
Severity: grave
X-Debbugs-CC: whonix-de...@whonix.org
Happening on Debian stretch.
sudo apt-get install enigmail
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested
Package: plasma-workspace
Severity: grave
X-Debbugs-CC: whonix-de...@whonix.org
Installing plasma-workspace alone on Debian stretch (after a jessie ->
stretch upgrade) leads to the KDE desktop being totally
unusable, only showing the following error popup.
All shell packages missing.
> 1) It's still all just Wants, no Requires... i.e. if netfilter rules
loading fails for whichever reason, the boot process will continue just
normally, with networking and any daemons, that possibly require
netfilter for their security, being brought up.
There is a separate bug report for this:
Thank you for working on this patch!
Me and rustybird agreed on the following. Please consider using the
following as netfilter-persistent.service.
#
[Unit]
Description=netfilter persistent configuration
DefaultDependencies=no
Wants=network-pre.target
Before=network-pre.target
A way to fix this would be to not bring up the network if the firewall
fails. I suggest adding the following file:
/lib/systemd/system/networking.service.d/30_netfilter-persistent.conf
With the following content:
[Unit]
## Fail Closed Mechanism.
## When the firewall systemd service failed, do
Package: firewalld
Severity: grave
X-Debbugs-CC: whonix-de...@whonix.org
Tags: security
Dear maintainer,
the systemd dependencies in firewalld.service are broken. It leads to a
systemd ordering cycle. And systemd's automatic breaking of the chain
might result in the firewall not being loaded early
Package: netfilter-persistent
Severity: grave
X-Debbugs-CC: whonix-de...@whonix.org
Tags: security
Dear maintainer,
I am using the following minimal systemd unit file for testing purposes.
###
/lib/systemd/system/my-test.service
[Unit]
Description=my-test-firewall-service
Package: netfilter-persistent
Severity: grave
X-Debbugs-CC: whonix-de...@whonix.org
Tags: security
Dear maintainer,
there is a security issue with the netfilter-persistent systemd service. [1]
If the netfilter-persistent wrapper [2] fails for some reason, it does
not load any firewall rules and
Rusty Bird:
> They also have to add Wants=network-pre.target then,
> https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
Package: netfilter-persistent
Severity: grave
X-Debbugs-CC: whonix-de...@whonix.org
Tags: security
Dear maintainer,
there is a security issue with the netfilter-persistent systemd service. [1]
netfilter-persistent orders itself before the wrong target. Should be
'Before=network-pre.target'.
Package: rinetd
Version: 0.62-5.1
Severity: critical
X-Debbugs-CC: t...@punkave.com
X-Debbugs-CC: whonix-de...@whonix.org
When rinetd cannot bind, it quickly fills up the logs. Confirmations.
[1] [2]
CC'd upstream, Tom Boutell.
Tom, do you still maintain rinetd?
Severity critical chosen,