Your message dated Wed, 28 Dec 2016 15:33:51 +0000 with message-id <[email protected]> and subject line Bug#757994: fixed in refpolicy 2:2.20161023.1-5 has caused the Debian Bug report #757994, regarding selinux-policy-default: Installing x11-common fails when SELinux is set to enforcing to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 757994: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757994 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: selinux-policy-default Version: 2:2.20140421-4 Severity: normal Dear Maintainer, installing x11-common fails: root@debselinux01:~# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: default Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 29 root@debselinux01:~# se_apt-get install x11-common [...] Setting up x11-common (1:7.7+7) ... update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults Failed to issue method call: Access denied invoke-rc.d: initscript x11-common, action "start" failed. dpkg: error processing package x11-common (--configure): subprocess installed post-installation script returned error exit status 4 E: Sub-process /usr/bin/dpkg returned an error code (1) Two AVC are logged: type=USER_AVC msg=audit(1407870310.296:105): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { status } for auid=0 uid=0 gid=0 path="/dev/null" cmdline="systemctl -p LoadState show x11-common.service" scontext=system_u:system_r:dpkg_script_t:s0 tcontext=system_u:object_r:null_device_t:s0 tclass=service exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' type=USER_AVC msg=audit(1407870310.336:106): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } for auid=0 uid=0 gid=0 path="/dev/null" cmdline="systemctl start x11-common.service" scontext=system_u:system_r:dpkg_script_t:s0 tcontext=system_u:object_r:null_device_t:s0 tclass=service exe="/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?' The cause for this is, that the x11-common.service is a link to /dev/null. I'm currently working on a patch for this - and hopefully can provide this during the next days. Kind regards Andre -- System Information: Debian Release: jessie/sid APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages selinux-policy-default depends on: ii libpam-modules 1.1.8-3 ii libselinux1 2.3-1 ii libsepol1 2.3-1 ii policycoreutils 2.3-1 ii python 2.7.8-1 ii selinux-utils 2.3-1 Versions of packages selinux-policy-default recommends: ii checkpolicy 2.3-1 ii setools 3.3.8-3 Versions of packages selinux-policy-default suggests: pn logcheck <none> pn syslog-summary <none> -- no debconf information
--- End Message ---
--- Begin Message ---Source: refpolicy Source-Version: 2:2.20161023.1-5 We believe that the bug you reported is fixed in the latest version of refpolicy, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Russell Coker <[email protected]> (supplier of updated refpolicy package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 29 Dec 2016 01:08:24 +1100 Source: refpolicy Binary: selinux-policy-default selinux-policy-mls selinux-policy-src selinux-policy-dev selinux-policy-doc Architecture: source all Version: 2:2.20161023.1-5 Distribution: unstable Urgency: medium Maintainer: Debian SELinux maintainers <[email protected]> Changed-By: Russell Coker <[email protected]> Description: selinux-policy-default - Strict and Targeted variants of the SELinux policy selinux-policy-dev - Headers from the SELinux reference policy for building modules selinux-policy-doc - Documentation for the SELinux reference policy selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy selinux-policy-src - Source of the SELinux reference policy for customization Closes: 619855 619979 697814 734192 757994 Changes: refpolicy (2:2.20161023.1-5) unstable; urgency=medium . * Allowed system_munin_plugin_t to read usr_t files and have capability net_admin for mii-tool. Thanks joerg <[email protected]> Closes: #619855 * Allow rsync_t to stat all sock_files and fifo_files when rsync_export_all_ro is set. Thanks joerg <[email protected]> Closes: #619979 * Allow bitlbee_t to read FIPS state. Closes: #697814 * Allow mono_t to be in role unconfined_r. Closes: #734192 * Allow dpkg_script_t to manage null_device_t services for service scripts linked to /dev/null. Closes: #757994 * Give systemd_tmpfiles_t sys_admin capability for adjusting quotas. * Included initrc_t as a source domain in init_ranged_domain() so that old XDM packages that lack a systemd service file will work. * Use xserver_role() for unconfined_t so the xdm can start the session. * Allow user domains to talk to devicekit_disk_t and devicekit_power_t via dbus * Label /run/lvm as lvm_var_run_t * Allow dhcpc_t to manage samba config Checksums-Sha1: ae6b01cff11af7e898ea3b17ba0d78e2ab5cff62 2459 refpolicy_2.20161023.1-5.dsc adf4156ab23ad78994e49a4bae7bdb1966acac11 92864 refpolicy_2.20161023.1-5.debian.tar.xz 4cf8c8cad9c9a4bb3fc063b98a815a62e6e27f5d 6808 refpolicy_2.20161023.1-5_amd64.buildinfo bd9835e93d788933d9515f2d6ebfc38a23ef729d 3019806 selinux-policy-default_2.20161023.1-5_all.deb 85ef46a33c168a4c2d00dfece347860204420627 463718 selinux-policy-dev_2.20161023.1-5_all.deb 07a17dbc173743ac5f2bf0e8adc624f35b094b61 444674 selinux-policy-doc_2.20161023.1-5_all.deb dd29bd354bc3828ce6159d8b5eb3268af6735939 3056326 selinux-policy-mls_2.20161023.1-5_all.deb b4e6bf37845ea80f82b9a8aa8e8eb6dfc3b34bf1 1255722 selinux-policy-src_2.20161023.1-5_all.deb Checksums-Sha256: 6fa61599a29a20cc42127c65149e2fbdaee2cc49a851103fba53b698cfb3d302 2459 refpolicy_2.20161023.1-5.dsc 26f9a6cbdf8c50478eff7a1a242bf1a12052867bd3186a9d9918b0ebad2316de 92864 refpolicy_2.20161023.1-5.debian.tar.xz 1ded073e0d6b35d307fd396dc5eecff38f724b3964c1f2243314bf6d896ba61e 6808 refpolicy_2.20161023.1-5_amd64.buildinfo 7982335b14445b9760decf6212fd25e8cb293758cf6aa3d9772705d333318261 3019806 selinux-policy-default_2.20161023.1-5_all.deb 6f85f5e6c448606f0dbf37e7f2537037751e5a2ff25bf695c68070392b5a13fa 463718 selinux-policy-dev_2.20161023.1-5_all.deb df079a6be534504b267e5776441365cca414dbec16cab7c5e736d048d639e2d8 444674 selinux-policy-doc_2.20161023.1-5_all.deb e97ab8c42a2398ccd669f88901d44bd1fc4676b9fdd3b15689dc41d0d22ffeb4 3056326 selinux-policy-mls_2.20161023.1-5_all.deb 9268e70cfcb41793dfe0da91a5f7ed14fdbd7943257e3e4f6284532f643b4887 1255722 selinux-policy-src_2.20161023.1-5_all.deb Files: 7c794099f9741f1fa0ef640738c0922f 2459 admin optional refpolicy_2.20161023.1-5.dsc e7f4f8591e207b1e376e046dd8cc0b57 92864 admin optional refpolicy_2.20161023.1-5.debian.tar.xz 75bf1781f6c6361563c4bdb652d612e2 6808 admin optional refpolicy_2.20161023.1-5_amd64.buildinfo 8b4c47369bef30f1a2311d95161d9204 3019806 admin optional selinux-policy-default_2.20161023.1-5_all.deb d6a5c32f1cbd26bb98ee2ac4fa515d6f 463718 admin optional selinux-policy-dev_2.20161023.1-5_all.deb 335ed80025137290487fcf47331aaed0 444674 doc optional selinux-policy-doc_2.20161023.1-5_all.deb cb46b580643871284072f5040eeddaae 3056326 admin extra selinux-policy-mls_2.20161023.1-5_all.deb 80cd46e2ba3eff5242ec38360ff27c20 1255722 admin optional selinux-policy-src_2.20161023.1-5_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEn31hncwG9XwCqmbH0UHNMPxLj3kFAlhj0aQACgkQ0UHNMPxL j3k4qw/7BLBCCrjJIWD/ZSKxb8NBfq8rzq6f4mrQyW9EffPL/hgKeN9xprfU0+2Q 1G+6PEHkygljzYlHxz5fE1atj2dBQauItXuYJYYAui3ljbovsXumLHPlz9wmj6eM sQFyXQc8So6hRuAHlXZObejsXWHVZvGcZeArEH+uNTtrhv8j2HfdUJdFhMezXFE2 tUkVmRXAn4FDWxf843dCqyskd4s39M2d6378eeYCAwHiiv2xQmEIe8NW8S7iFtPo Tq+U94h3PtQ3hV8j6NdJYHJcMbK9vl6NDVXkoCN/w9jhg1FgoajzZw2c+ZP/VTzN /KR+ia+9TsW4V20RcU64+N4r4FtgHBbq2QNb2WC7osh+2DLPzFZa3IuVuWbWCPpX 388ELIQDwwtp2eA0c0FFdZqrnSW6hP34lp0RJ7LoH1DVkHKA6UI1kR8fnwkyc+DR 2ZE0vfmIWjNUqcSWZMB/OWIG9Y22akXw2HGu4u2JIrZBZO4ElDQwkuyb7nRH12fi j/hfInlfM3/YrsE13Lyj630Yh/QTyiMuvu2milOVbVwwD0ZuAMagLat6sernSVEB Q/aOkcQIBaYasoDhS0nmZ48rHx0JKJgL6gJ0hmkSOdDi0BhXPs/Df6HV3XYWecrH ocOPdR76aA929nOIUr+6QCZYBZ71ZR/YoKRvB3QzFXxDDcnx02Q= =Q2XD -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ SELinux-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
