Bug#810933: reportbug: possible workaround

Mon, 20 Jun 2022 03:24:22 -0700 

Package: reportbug
Version: 7.10.3
Followup-For: Bug #810933
X-Debbugs-Cc: bug810...@sideload.33mail.com

I concur that SMTP proxying would be useful.

I also have a workaround using firejail. Firejail makes it possible to
restrict an app to a network namespace. So if you can configure your
proxy to be a network namespace that appears in
/proc/sys/net/ipv4/conf/, then firejail can do the rest. Restricting
apps to use Firejail is generally a good security practice anyway.

I managed to create a network (proxynet0). So running reportbug in
firejail to force use of proxynet0 looks like this:

===8<------------------------------
  $ firejail --net=proxynet0\
             --dns="$(ip address show dev proxynet0 | awk 
'/inet\>/{gsub(/[/].*/,""); print $2 }')"\
             --whitelist="$HOME"/.reportbugrc\
             --whitelist="$draft_folder"\
             --whitelist="$app_specific_configs"\
             --whitelist=/etc/passwd\
             --whitelist=/var/lib/apt/lists/\
             --whitelist=/var/lib/dpkg/status\
             --whitelist=/etc/apt/sources.list\
             --whitelist=/etc/apt/sources.d\
             reportbug --draftpath="$draft_folder" --no-cc

  Reading profile /etc/firejail/default.profile
  Reading profile /etc/firejail/disable-common.inc
  Reading profile /etc/firejail/disable-passwdmgr.inc
  Reading profile /etc/firejail/disable-programs.inc

  ** Note: you can use --noprofile to disable default.profile **

  Parent pid 25268, child pid 25271

  Interface        MAC                IP               Mask             Status
  lo                                  127.0.0.1        255.0.0.0        UP
  eth0…
  Default gateway…
  DNS server…

  Child process initialized in 1877.72 ms

  (reportbug:11): dbind-WARNING **: 10:06:51.011: Couldn't connect to 
accessibility bus: Failed to connect to socket /tmp/dbus-jLt9P0UVaA: Connection 
refused
  Please enter the name of the package in which you have found a problem, or 
type 'other' to report a more general problem. If you don't know
  what package the bug is in, please contact debian-u...@lists.debian.org for 
assistance.
  > 
===8<------------------------------

Be sure to also add a --whitelist path for the config file of the app
the bug is reported on because reportbug will try to access that as
well. The placeholder “$app_specific_configs” was used above.

The reportbug app uses dbus for accessbility features, which firejail
blocks by default. The warning can be ignored if you don’t need
accessibility features. Otherwise Firejail offers the following
options to make dbus accessible:

  --dbus-log=file
  --dbus-system=filter|none
  --dbus-system.broadcast=name=[member][@path]
  --dbus-system.call=name=[member][@path]
  --dbus-system.log
  --dbus-system.own=name
  --dbus-system.see=name
  --dbus-system.talk=name
  --dbus-user=filter|none
  --dbus-user.broadcast=name=[member][@path]
  --dbus-user.call=name=[member][@path]
  --dbus-user.log
  --dbus-user.own=name
  --dbus-user.talk=name
  --dbus-user.see=name

I’m not sure which dbus restriction needs to be lifted (hence why this
is a half-baked workaround). I tried adding this:

  --dbus-system=filter 
--dbus-system.call=org.freedesktop.DBus=org.freedesktop.DBus.*@/org/gnome/desktop/a11y/

but got:

  Error: Invalid dbus-system.call rule: 
org.freedesktop.DBus=org.freedesktop.DBus.*@/org/gnome/desktop/a11y/

Anyway, that’s typically not needed. Hopefully this workaround helps
someone looking to proxy their reportbug SMTP traffic.

Note as well that the info in this post can be useful if someone wants
to introduce a reportbug profile into the firejail project.


-- Package-specific info:
** Environment settings:
EDITOR="emacs"
INTERFACE="text"

-- System Information:
Debian Release: 11.0
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 
'testing'), (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-8-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages reportbug depends on:
ii  apt                2.2.4
ii  python3            3.9.2-3
ii  python3-reportbug  7.10.3
ii  sensible-utils     0.0.14

reportbug recommends no packages.

Versions of packages reportbug suggests:
pn  claws-mail                      <none>
pn  debconf-utils                   <none>
pn  debsums                         <none>
pn  dlocate                         <none>
ii  emacs-bin-common                1:27.1+1-3.1
ii  file                            1:5.39-3
ii  gnupg                           2.2.27-2
ii  postfix [mail-transport-agent]  3.5.6-1+b1
pn  python3-urwid                   <none>
pn  reportbug-gtk                   <none>
ii  xdg-utils                       1.1.3-4.1

Versions of packages python3-reportbug depends on:
ii  apt                2.2.4
ii  file               1:5.39-3
ii  python3            3.9.2-3
ii  python3-apt        2.2.1
ii  python3-debian     0.1.39
ii  python3-debianbts  3.1.0
ii  python3-requests   2.25.1+dfsg-2
ii  sensible-utils     0.0.14

python3-reportbug suggests no packages.

-- no debconf information

Reply via email to