Your message dated Wed, 19 Sep 2012 06:31:26 +0000
with message-id <e1tedok-0002tj...@franck.debian.org>
and subject line Bug#679641: fixed in dpkg 1.15.8.13
has caused the Debian Bug report #679641,
regarding dpkg: if mcstransd is unexpectedly stopped then dpkg uses invalid SE
Linux context
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
679641: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679641
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: dpkg
Version: 1.16.4.3
Severity: normal
I am giving this bug "normal" severity, but for certain types of SE Linux use
it might be regarded as more severe.
1) rjc:user_r:user_t:s0-s0:c0.c1023
2) rjc:user_r:user_t:SystemLow-SystemHigh
The way things currently work is that dpkg converts the sensitivity range of
a file from the computer readable form to the human readable form (the first of
the above two lines to the second). Then before writing the data to disk it
converts it back to the first form. mcstransd is used for the conversions
both ways, if it's running when dpkg tries to convert from #1 to #2 but not
running when dpkg wants to convert from #2 to #1 then dpkg will try to write
#2 to disk, which is a violation of SE Linux policy.
This can happen when dpkg upgrades multiple packages including policycoreutils
(which contains mcstransd). A mitigating factor for the users is that it's
recommended that upgrades of SE Linux policy and related packages (including
policycoreutils) between Debian releases be done in permissive mode with a
full relabel afterwards. But if someone upgraded from Squeeze to Testing a
few weeks ago and then upgraded to the latest Testing today it would mess
things up.
Error setting security context for next file object:: Invalid argument
To demonstrate this problem instruct dpkg to install a couple of big packages
(I use libreoffice-common and libreoffice-core) and then stop mcstransd while
dpkg is working. You may need to do it two or three times to get it to happen.
If the system is in permissive mode then the string "SystemLow" will be
included in contexts written to disk and in enforcing mode dpkg will write a
message such as the above to stderr. In both cases a message such as the
below will be written to the audit log (or the kernel message log if auditd
isn't running).
type=AVC msg=audit(1341055747.187:1390): avc: denied { mac_admin } for
pid=10131 comm="dpkg" capability=33
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=capability2
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (350, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages dpkg depends on:
ii libbz2-1.0 1.0.6-3
ii libc6 2.13-33
ii liblzma5 5.1.1alpha+20120614-1
ii libselinux1 2.1.9-5
ii tar 1.26-4
ii zlib1g 1:1.2.7.dfsg-13
dpkg recommends no packages.
Versions of packages dpkg suggests:
ii apt 0.9.7
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: dpkg
Source-Version: 1.15.8.13
We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 679...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guillem Jover <guil...@debian.org> (supplier of updated dpkg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 07 Sep 2012 08:28:56 +0200
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source amd64 all
Version: 1.15.8.13
Distribution: stable
Urgency: low
Maintainer: Dpkg Developers <debian-d...@lists.debian.org>
Changed-By: Guillem Jover <guil...@debian.org>
Description:
dpkg - Debian package management system
dpkg-dev - Debian package development tools
dselect - Debian package management front-end
libdpkg-dev - Debian package management static library
libdpkg-perl - Dpkg perl modules
Closes: 679641
Changes:
dpkg (1.15.8.13) stable; urgency=low
.
[ Guillem Jover ]
* Do not translate SE Linux context to human readable form while unpacking,
as that might cause the operation to fail if the mcstransd daemon
stopped running during the transaction. Closes: #679641
Thanks to Russell Coker <russ...@coker.com.au>.
.
[ Updated man page translations ]
* German (Helge Kreutzmann). Fix sub optimal translation of package states
LP: #368783, a fix by Chris Leick and other fixes.
Checksums-Sha1:
c1bb45b5df9cd01bb35ba7d486c355cee53ce1ef 1212 dpkg_1.15.8.13.dsc
d0b9386742f966345a23c3daa0391b37fa837a3f 5264193 dpkg_1.15.8.13.tar.bz2
b3ac621b1b4d110336e7d57e8626752a39d5038f 437874 libdpkg-dev_1.15.8.13_amd64.deb
77191771ae09f76d5c757f6904970ee069a26983 2398912 dpkg_1.15.8.13_amd64.deb
ee39b1d11a3d9bf779c8c10341531c331096c89d 906488 dselect_1.15.8.13_amd64.deb
f91e374e6b878cc3d4fb02b16ad5558215abf9fe 812818 dpkg-dev_1.15.8.13_all.deb
7e1609546da5fc1c9d3fd632d3579dcae3df428e 695030 libdpkg-perl_1.15.8.13_all.deb
Checksums-Sha256:
074f4909e71cd2c14a03bcae34ad7f61c86410c020de4db0a840b1fe43ebcbb5 1212
dpkg_1.15.8.13.dsc
47ebe2e634bf6fdef263e787d7032d9afcf206f302fca1313a6eb5ff3a8eae3f 5264193
dpkg_1.15.8.13.tar.bz2
0ac315145cf67dd1d444c8a92a4a042b0f9b69bc29a9b6e5a37fe70bf0369bce 437874
libdpkg-dev_1.15.8.13_amd64.deb
d49e5b8f56dd7db808e7002ca2581c1e3b987770e8252ab9f5d78228484b2a11 2398912
dpkg_1.15.8.13_amd64.deb
4d0d50a7be278e47207e2f55a2a123660a6bb635505d000886df2a156963427b 906488
dselect_1.15.8.13_amd64.deb
543f43592dc3f1d00208e9abe220531bb6a74e3219233ad58f076fb8aeda529c 812818
dpkg-dev_1.15.8.13_all.deb
ab4f4dc4690772e853cfe22b25e2a9d6f2a74f4a173cf92b848eca2a0e584e95 695030
libdpkg-perl_1.15.8.13_all.deb
Files:
2ab76036fa7613303624b9b53f54e7d2 1212 admin required dpkg_1.15.8.13.dsc
7f6ea19838311a66fdacce17991eba85 5264193 admin required dpkg_1.15.8.13.tar.bz2
8ac7c21908557586bfbc4692ad107ff0 437874 libdevel optional
libdpkg-dev_1.15.8.13_amd64.deb
8bb5aa9b21b8a8d6c25dfd65905f8516 2398912 admin required
dpkg_1.15.8.13_amd64.deb
b990877e615daedae48254cf6c19492e 906488 admin optional
dselect_1.15.8.13_amd64.deb
327c458d2024d12ade333701c0c0f57a 812818 utils optional
dpkg-dev_1.15.8.13_all.deb
8be1632fed9a86ad5e64b03e53edbb39 695030 perl optional
libdpkg-perl_1.15.8.13_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlBYQL8ACgkQuW9ciZ2SjJt7VQCg1zMaTVV8ILrvKlDnhygnCv3K
abIAoKom7InTr1KSvM/a3zz00gVIdhoJ
=DMz5
-----END PGP SIGNATURE-----
--- End Message ---
