Bug#989193: marked as done (breaks apt-cacher-ng by blocking link operation)

Wed, 09 Jun 2021 00:21:14 -0700 

Your message dated Wed, 09 Jun 2021 07:18:32 +0000
with message-id <e1lqstw-00067e...@fasolo.debian.org>
and subject line Bug#989193: fixed in apparmor-profiles-extra 1.34
has caused the Debian Bug report #989193,
regarding breaks apt-cacher-ng by blocking link operation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
989193: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989193
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: apparmor-profiles-extra
Version: 1.33
Severity: serious
Tags: patch

Hi,

see attachment, your config which doesn't allow link calls, which
sporadically breaks operation of apt-cacher-ng in unexpected ways.

The suggested change should probably be improved, I am no apparmor
expert.


[ 1451.927739] audit: type=1400 audit(1622048089.493:85): apparmor="ALLOWED" 
operation="link" profile="apt-cacher-ng" 
name="/var/cache/apt-cacher-ng/debrep/dists/unstable/InRelease.1622048089" 
pid=36785 comm="apt-cacher-ng" requested_mask="l" denied_mask="l" fsuid=121 
ouid=121 target="/var/cache/apt-cacher-ng/debrep/dists/unstable/InRelease"


Eduard.

-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), 
(500, 'stable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.12.0+ (SMP w/12 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apparmor-profiles-extra depends on:
ii  apparmor  2.13.6-10

apparmor-profiles-extra recommends no packages.

apparmor-profiles-extra suggests no packages.

-- Configuration Files:
/etc/apparmor.d/usr.sbin.apt-cacher-ng changed:
@{APT_CACHER_NG_CACHE_DIR}=/var/cache/apt-cacher-ng
profile apt-cacher-ng /usr/sbin/apt-cacher-ng {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/openssl>
  #include <abstractions/user-tmp>
  /etc/apt-cacher-ng/ r,
  /etc/apt-cacher-ng/** r,
  /etc/hosts.{deny,allow} r,
  /usr/sbin/apt-cacher-ng mr,
  /var/lib/apt-cacher-ng/** r,
  /{,var/}run/apt-cacher-ng/* rw,
  @{APT_CACHER_NG_CACHE_DIR}/ r,
  @{APT_CACHER_NG_CACHE_DIR}/** rwl,
  /var/log/apt-cacher-ng/ r,
  /var/log/apt-cacher-ng/* rw,
  /{,var/}run/systemd/notify w,
  /{usr/,}bin/dash ixr,
  /{usr/,}bin/ed ixr,
  /{usr/,}bin/red ixr,
  /{usr/,}bin/sed ixr,
  /usr/lib/apt-cacher-ng/acngtool ixr,
  # Allow serving local documentation
  /etc/mime.types r,
  /usr/share/doc/apt-cacher-ng/html/** r,
  # used by libevent
  @{PROC}/sys/kernel/random/uuid r,
  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.apt-cacher-ng>
}


-- no debconf information


From 5eeca40ec3c93dc0d91ce3db0d9f652310087a12 Mon Sep 17 00:00:00 2001
From: Eduard Bloch <bl...@debian.org>
Date: Fri, 28 May 2021 07:11:52 +0200
Subject: [PATCH] Stop breaking latest apt-cacher-ng by blocking link
 operations

---
 profiles/usr.sbin.apt-cacher-ng | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/profiles/usr.sbin.apt-cacher-ng b/profiles/usr.sbin.apt-cacher-ng
index 6d2f5ff..c24c2c5 100644
--- a/profiles/usr.sbin.apt-cacher-ng
+++ b/profiles/usr.sbin.apt-cacher-ng
@@ -18,7 +18,7 @@ profile apt-cacher-ng /usr/sbin/apt-cacher-ng {
   /var/lib/apt-cacher-ng/** r,
   /{,var/}run/apt-cacher-ng/* rw,
   @{APT_CACHER_NG_CACHE_DIR}/ r,
-  @{APT_CACHER_NG_CACHE_DIR}/** rw,
+  @{APT_CACHER_NG_CACHE_DIR}/** rwl,
   /var/log/apt-cacher-ng/ r,
   /var/log/apt-cacher-ng/* rw,
   /{,var/}run/systemd/notify w,
--
2.32.0.rc0

--- End Message ---
--- Begin Message --- 
Source: apparmor-profiles-extra
Source-Version: 1.34
Done: intrigeri <intrig...@debian.org>

We believe that the bug you reported is fixed in the latest version of
apparmor-profiles-extra, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 989...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
intrigeri <intrig...@debian.org> (supplier of updated apparmor-profiles-extra 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 09 Jun 2021 06:23:10 +0000
Source: apparmor-profiles-extra
Architecture: source
Version: 1.34
Distribution: unstable
Urgency: medium
Maintainer: Debian AppArmor Team <pkg-apparmor-t...@lists.alioth.debian.org>
Changed-By: intrigeri <intrig...@debian.org>
Closes: 989193
Changes:
 apparmor-profiles-extra (1.34) unstable; urgency=medium
 .
   * apt-cacher-ng: allow link operations on the contents of the cache directory
     (Closes: #989193). Thanks to Eduard Bloch <e...@gmx.de> for the patch.
Checksums-Sha1:
 42763bae887257bcce6e2d7224832de75992b0ae 1429 apparmor-profiles-extra_1.34.dsc
 799c718a2936f28618707c7a868f8b85264a7d6d 11012 
apparmor-profiles-extra_1.34.tar.xz
Checksums-Sha256:
 6d9f666e5d6a89ef13201ee1e52848da96c3cbadfa17b3b15b8ab7a42f84eec8 1429 
apparmor-profiles-extra_1.34.dsc
 ee0a1567f1bf0ae296709c11808dfb173886b35564f78cb6263438c55acf425e 11012 
apparmor-profiles-extra_1.34.tar.xz
Files:
 8e9f80c73d459a4a247f4d5c2cc2a059 1429 admin optional 
apparmor-profiles-extra_1.34.dsc
 674e0ad1ecd5b8fb090a6c743202d790 11012 admin optional 
apparmor-profiles-extra_1.34.tar.xz

-----BEGIN PGP SIGNATURE-----

iIsEARYKADMWIQRhtDRcZu/HkP7YWcafj6cvaVTDowUCYMBnDxUcaW50cmlnZXJp
QGRlYmlhbi5vcmcACgkQn4+nL2lUw6O/dwD8CY2xx9RWmERzmXkPfCezboBhX6pu
fzW2C3OpR46QiKUBAPOsf6qspbWbqViFrYRmBOcrm17yJHxM+c/yIoQ6sKkC
=T3kX
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to