Your message dated Thu, 08 Dec 2016 12:33:58 +0000
with message-id <[email protected]>
and subject line Bug#834228: fixed in refpolicy 2:2.20161023.1-2
has caused the Debian Bug report #834228,
regarding systemd: /run/utmp is created with the wrong SE Linux context
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
834228: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834228
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: systemd
Version: 231-1
Severity: normal
Tags: upstream
The file /run/utmp is created with the wrong type on SE Linux systems. The
program that creates is should either run restorecon or have internal code
to set the correct context (as most of systemd does).
I think it's being created by /lib/systemd/systemd-update-utmp but I'm not
certain.
I can provide access to a virtual machine for testing this if you wish.
-- Package-specific info:
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages systemd depends on:
ii adduser 3.115
ii libacl1 2.2.52-3
ii libapparmor1 2.10.95-4
ii libaudit1 1:2.6.5-1
ii libblkid1 2.28-6
ii libc6 2.23-4
ii libcap2 1:2.25-1
ii libcap2-bin 1:2.25-1
ii libcryptsetup4 2:1.7.0-2
ii libgcrypt20 1.7.2-2
ii libgpg-error0 1.24-1
ii libidn11 1.33-1
ii libkmod2 22-1.1
ii liblzma5 5.1.1alpha+20120614-2.1
ii libmount1 2.28-6
ii libpam0g 1.1.8-3.3
ii libseccomp2 2.3.1-2
ii libselinux1 2.5-3
ii libsystemd0 231-1
ii mount 2.28-6
ii util-linux 2.28-6
Versions of packages systemd recommends:
ii dbus 1.10.8-1
pn libpam-systemd <none>
Versions of packages systemd suggests:
pn policykit-1 <none>
pn systemd-container <none>
pn systemd-ui <none>
Versions of packages systemd is related to:
ii udev 231-1
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: refpolicy
Source-Version: 2:2.20161023.1-2
We believe that the bug you reported is fixed in the latest version of
refpolicy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Russell Coker <[email protected]> (supplier of updated refpolicy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 08 Dec 2016 23:16:14 +1100
Source: refpolicy
Binary: selinux-policy-default selinux-policy-mls selinux-policy-src
selinux-policy-dev selinux-policy-doc
Architecture: source all
Version: 2:2.20161023.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian SELinux maintainers <[email protected]>
Changed-By: Russell Coker <[email protected]>
Description:
selinux-policy-default - Strict and Targeted variants of the SELinux policy
selinux-policy-dev - Headers from the SELinux reference policy for building
modules
selinux-policy-doc - Documentation for the SELinux reference policy
selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
selinux-policy-src - Source of the SELinux reference policy for customization
Closes: 834228
Changes:
refpolicy (2:2.20161023.1-2) unstable; urgency=medium
.
* Only label files as NetworkManager_initrc_exec_t
* Use separate domains mon_net_test_t and mon_local_test_t for network and
local tests
* Allow boinc to read xdm tmp dirs and connect to the X server, allow it to
read crypto sysctl for some of it's libraries
* Allow unconfined_t to request init to reload it's config
* Make bin_t an entrypoint for inetd_child_t
* Allow systemd_tmpfiles_t to read selinuxfs and selinux_config_t to find
correct context Closes: #834228
* Allow systemd_cgroups_t to read selinux_config_t
* Allow systemd_sessions_t to get contexts for sessions and default contexts
for files for correct labeling
* Allow systemd_logind_t to read cgroup files and getattr cgroupfs, and to
start and stop user sessions
* Allow systemd_tmpfiles_t to read kmod_var_run_t for
/run/tmpfiles.d/kmod.conf
* Allow syslogd_t to read SE Linux config
* Allow dpkg_script_t to reload systemd configuration and to restart
initrc_exec_t units.
* Allow sulogin to read crypto sysctls and set booleans
* Allow cron jobs append and ioctl access to crond_tmp_t
* Allow systemd_hostnamed_t to read sysfs
* Policy to allow systemd_backlight_t and systemd_machined_t to do things
* Give initrc_t, xserver_t, and devicekit_power_t wake_alarm capability.
* Allow tor to search tmpfs.
* Allow system_mail_t to inherit file handles from init.
Checksums-Sha1:
6ecc7bc022ac6b7dc160a3c28dda2908b6976f7c 2459 refpolicy_2.20161023.1-2.dsc
834571d898a19bb319d160955c7ac512a69998ad 90340
refpolicy_2.20161023.1-2.debian.tar.xz
e7e6b733ded357b46796f484b7048a2bbf38e266 6824
refpolicy_2.20161023.1-2_amd64.buildinfo
c021f3b17b2d51f6fb36e205132be1d5b1e72e2e 3013810
selinux-policy-default_2.20161023.1-2_all.deb
59b709d031980244a1a999fc8f5800b23779250b 462796
selinux-policy-dev_2.20161023.1-2_all.deb
9903f84ffd5cee7d86937606aafdff157631f57f 443280
selinux-policy-doc_2.20161023.1-2_all.deb
c653ed6c6fa9dd5523e4c5a593f7ff5e73b3e557 3048804
selinux-policy-mls_2.20161023.1-2_all.deb
b5fb74d5ea01bcfbcea3354f448ae4b14b0385e4 1254618
selinux-policy-src_2.20161023.1-2_all.deb
Checksums-Sha256:
4764ef56a8529f63a07a06c221b44dfd783d6900eacc1fcd7341a9965e9fd0b9 2459
refpolicy_2.20161023.1-2.dsc
6536c1c1b7290abca9a6117a373779488178692fb13a9dfb7214e55876fd41d1 90340
refpolicy_2.20161023.1-2.debian.tar.xz
736061df18f63c7721889ab9517685b8eca08e6392065e17a564b56c519f7fe2 6824
refpolicy_2.20161023.1-2_amd64.buildinfo
31361d8879dba4412d82d645c7a64c2d452fe9942b5f1a4b225c9a9004a0292a 3013810
selinux-policy-default_2.20161023.1-2_all.deb
c5e4ff854c0c592bcaa02745609ed40259e797a024796cdb40b7f7253217b532 462796
selinux-policy-dev_2.20161023.1-2_all.deb
036e6ccf59c580378623c84311294e08c76e479226e2aa9594f5c5664493422d 443280
selinux-policy-doc_2.20161023.1-2_all.deb
bf63b8f59c0e38cebff32ac67550db6b8a79278c53b711ea5626345bedf50b4b 3048804
selinux-policy-mls_2.20161023.1-2_all.deb
549d8c635370bb563e752a7f297369a4e7e07e2cb8d1ba2799f7e125d2febec3 1254618
selinux-policy-src_2.20161023.1-2_all.deb
Files:
35b3cfffd121c54ab8d5898c423b65f3 2459 admin optional
refpolicy_2.20161023.1-2.dsc
02a8065517bce2eafad2e25e7ae7f66e 90340 admin optional
refpolicy_2.20161023.1-2.debian.tar.xz
dd18d4d2bf9aff9f0b9b58a5a9d17bd7 6824 admin optional
refpolicy_2.20161023.1-2_amd64.buildinfo
45388e423a7581f6a7fde99aebebd368 3013810 admin optional
selinux-policy-default_2.20161023.1-2_all.deb
64548040b1a1f1cfef0dceade6047d50 462796 admin optional
selinux-policy-dev_2.20161023.1-2_all.deb
1947d3f58982f153b26cf57078b73975 443280 doc optional
selinux-policy-doc_2.20161023.1-2_all.deb
41afb14b0b6f39295bde9261c63cbad8 3048804 admin extra
selinux-policy-mls_2.20161023.1-2_all.deb
b6a63422d9b11070a9778a933670a518 1254618 admin optional
selinux-policy-src_2.20161023.1-2_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEn31hncwG9XwCqmbH0UHNMPxLj3kFAlhJT/8ACgkQ0UHNMPxL
j3lAtxAA3Tv8hr+Zckgvsq0J0++oAoit/OoBFuCLmJUJVqb8aOwsqfn1llpBWlhd
q/6qUXXSg3Es6NgOuRz4CMRQ1qTb0fUXYrCsTTxKlpFYHksLPSP0RFgl6fQ2REA0
hixC6lEMbsRIN/VEc6EtDGf85NRipL8GNdJsuSN6MyVMS3kogpJaYXfLDLofkUnO
LTiAcWY/a8vutHPPdmVppCOV3Dy0/MZW7rCYzt9uQt4hRNp3l7u5jxCjQgkr/PT5
p+3DYtAHyGkwDXHhxg+qpza1GIsb7w5Fmld+/shXuDUQZ7Wl6GYosJu1SwA+3W4C
cFAez3ILOz2tzwLjVdX/6bAw9oIfFk3JcHJSxop302qIN9b8OIcxKhmy8+JMAM2Z
fhFioOmxvONB3oOvzG+8Nlo0OyQjrl7b7Wk07VvO92KH38viZiYY/Y45gIqzgiaO
SUcWUzcSmnSvGtMdjjWx5K6wS4Q82T37AWI9SVdOIwmYoILSK1bWGx0eX6DXxlQv
coTV9h8zwLEo69B7CEbavHE+c6wM8x3PzEgfVYPZ2VW/f/D17kftCFXXGwUJB41Z
+xs7p9nDlFXk8MnvB5BV9FzA04fIiO8L1QaYL8oEo2W8KLZ9ThCtUFhYPmOI5CMz
FJ2jTlaCy13+iWR5s2ml7eh1KuZGYsF4PxMpWmxw6ZM69ma4e90=
=LKQy
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
SELinux-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
