Your message dated Wed, 23 Apr 2025 09:06:38 +0000 with message-id <e1u7w3y-00cb6o...@fasolo.debian.org> and subject line Bug#1099891: fixed in postfix 3.10.2-1 has caused the Debian Bug report #1099891, regarding postfix.service: permit CAP_DAC_READ_SEARCH to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1099891: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099891 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: postfix Version: 3.10.1-1 Dear Maintainer, the newly hardened (thanks!) service file for postfix limits the granted Linux capabilities. The capability CAP_DAC_OVERRIDE is permitted but not CAP_DAC_READ_SEARCH, which is basically CAP_DAC_OVERRIDE minus write access. This affects e.g. SELinux policies where the different postfix processes run in different domains and by not granting CAP_DAC_READ_SEARCH they now fall back and require CAP_DAC_OVERRIDE. So please also permit CAP_DAC_READ_SEARCH in the service file. Kind regards, Christian Göttsche
--- End Message ---
--- Begin Message ---Source: postfix Source-Version: 3.10.2-1 Done: Michael Tokarev <m...@tls.msk.ru> We believe that the bug you reported is fixed in the latest version of postfix, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1099...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Tokarev <m...@tls.msk.ru> (supplier of updated postfix package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 23 Apr 2025 11:42:50 +0300 Source: postfix Architecture: source Version: 3.10.2-1 Distribution: unstable Urgency: medium Maintainer: Debian Postfix Team <team+post...@tracker.debian.org> Changed-By: Michael Tokarev <m...@tls.msk.ru> Closes: 1099891 1100449 Changes: postfix (3.10.2-1) unstable; urgency=medium . [ Michael Tokarev ] * new upstream minor/bugfix/maintenance release Closes: #1100449 (postfix: main.cf corrupted after upgrade) * postfix.service: add CAP_DAC_READ_SEARCH (Closes: #1099891) . [ Carles Pina i Estany ] * Update po-debconf Catalan translation Checksums-Sha1: eb6a1bd4eda15176009c9030b0920366d975459e 2914 postfix_3.10.2-1.dsc 55c16267e82670b325868ad70a2c76d80f4dec35 5048137 postfix_3.10.2.orig.tar.gz 540d90b52d9bfe1c61530bb16a0150f96741aeab 199812 postfix_3.10.2-1.debian.tar.xz 75184b3351855cb386b6020e235c9ef11c120776 8200 postfix_3.10.2-1_source.buildinfo Checksums-Sha256: 50481bed8ecd656237230fa231fcc10b8bde55dde3ac33aed2cfb0d54fdf8c63 2914 postfix_3.10.2-1.dsc bcca564132d4cf5f9c9ce354dab9dd35ee8e9e21900864623c815dac16bfbc27 5048137 postfix_3.10.2.orig.tar.gz 30b5b6eee42d3503458f0871835645b8b0158b23a90ee6a9e7ff494ccebad679 199812 postfix_3.10.2-1.debian.tar.xz cae97c2e8e2c06893f7d5428a26fbd423f27db523b6c9fd2780d54e2a1218062 8200 postfix_3.10.2-1_source.buildinfo Files: 4db9e5b5abdbd9994b218a34487a9205 2914 mail optional postfix_3.10.2-1.dsc c0b89a5aff286148194e9e2bb5529405 5048137 mail optional postfix_3.10.2.orig.tar.gz 309aa64db0576aa36f2b9cbd5a7ae19f 199812 mail optional postfix_3.10.2-1.debian.tar.xz 64bd26da21a7e8a1c5d9dc8cfdccbbca 8200 mail optional postfix_3.10.2-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZKoqtTHVaQM2a/75gqpKJDselHgFAmgIqCIACgkQgqpKJDse lHi+4g//T+m8Fm/M6c6HDnAC3eDC37AuwBLssfXZ8f2612CqUni9iZEOQwF6PG95 SJY4lG+b5gaL/7Zu8T/tfwy2PgFO1oIVYjb0xXLfmUA2QR+Ir5LDBUeM3G3BQL0c w56zBGvZ0Q1Dzyi7H/vK84LX0vpxAJW+oHhl68V0pFr3NBHQ13R/KxCfSoaTwaNu 8Ch1AFgjGhhd3whUBRb1EBf+olWFMV1q+j0Ukl/8HbzjPrBV2m4nWuWwGzwH0z2s zr3B+346u11UlP9uxf4hUYr//Ml7ZW2SzdU+bXIe7xkCC4C7ES5tM6yZbENcSVLl o8O9I+wH4DXci41j33hWRt0483l7zgBi92AZqir+3fPq669w1EyC7qDHAMKsVsyd e8NiovYiejnR1uqvxnf8DWEAMqnI9S1+GVEVcXpvHJQ2/pWc6cWdiEsWKxbqFbZg FOk7qjG/i0tN+T1pU9MHH1B4EVjHg5lJxy8m0bkOtSDwh3KAixXGxTG3/uJWtH3P z8eE9aNToyRgbYisd22aTBqGaPN4T5l5ab8rzDDiPV53flN30I+uEuxgq43xl+1P iNIS9smgl4AjUil87ERJ2+RbFEziW/XgJhDl1l1iuB5cADp/9pd5Awi3pCBc6AcL lJ4YJtmve2U5VjAlNPH1Y/NJEdZ8uuSyQPJ+Gh8j6wGPBKPqh5U= =H1+R -----END PGP SIGNATURE-----
pgpDoj8ceQAr8.pgp
Description: PGP signature
--- End Message ---
