Hi, intrigeri: > Dmitry Smirnov: >>> If one of you feels responsible for maintaining this package but >>> temporarily lacks time, I (or one of the attendees to one of the many >>> upcoming BSPs) will gladly fix this with a NMU.
>> Please, please. That would be really nice if you could. Thanks. Done (0.10.10-0.2). This was my first attempt at using dgit to NMU so let's hope I did not bork it. I'm attaching the 3 commits I did on top of 0.10.10-0.1. Cheers, -- intrigeri
>From 6c9e84a021b24d98314e44c1063712596752e1aa Mon Sep 17 00:00:00 2001 From: intrigeri <intrig...@debian.org> Date: Fri, 19 Jul 2019 14:49:19 +0000 Subject: [PATCH 1/3] Disable secctx in the default cachefilesd.conf (Closes: #909523). This configuration line assumes that: - either there is no active LSM, which is wrong on Buster where AppArmor is enabled by default; - or SELinux is the active LSM, which is a rare configuration on Debian. When this assumption is wrong, i.e. in most cases on current Debian Buster/testing/sid, cachefilesd fails to start if this configuration line is enabled. --- cachefilesd.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cachefilesd.conf b/cachefilesd.conf index 6905281..bf14950 100644 --- a/cachefilesd.conf +++ b/cachefilesd.conf @@ -21,4 +21,4 @@ fstop 3% # Assuming you're using SELinux with the default security policy included in # this package -secctx system_u:system_r:cachefiles_kernel_t:s0 +# secctx system_u:system_r:cachefiles_kernel_t:s0 -- 2.22.0
>From a5b3654d8f7fbdf81293be906f4f8603a59bad99 Mon Sep 17 00:00:00 2001 From: intrigeri <intrig...@debian.org> Date: Fri, 19 Jul 2019 14:54:11 +0000 Subject: [PATCH 2/3] README.Debian: document how to set the correct security context under SELinux. --- debian/README.Debian | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 debian/README.Debian diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000..4658b2b --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,7 @@ +SELinux +======= + +When the SELinux LSM is active, in order to set the correct security +context for cachefilesd, uncomment the "secctx" line in +/etc/cachefilesd.conf. + -- 2.22.0
>From 044f44ed267e084cc24103a662456b0c7199ee09 Mon Sep 17 00:00:00 2001 From: intrigeri <intrig...@debian.org> Date: Fri, 19 Jul 2019 14:55:38 +0000 Subject: [PATCH 3/3] cachefilesd (0.10.10-0.2) Git-Dch: Ignore --- debian/changelog | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/debian/changelog b/debian/changelog index 1ec7b2f..74c5188 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +cachefilesd (0.10.10-0.2) unstable; urgency=medium + + * Non-maintainer upload. + * Disable secctx in the default cachefilesd.conf (Closes: #909523). + Accordingly, document in README.Debian how to set the correct security + context under SELinux. + + -- intrigeri <intrig...@debian.org> Fri, 19 Jul 2019 14:55:33 +0000 + cachefilesd (0.10.10-0.1) unstable; urgency=medium * Non-maintainer upload. -- 2.22.0
