
Mailing List Archive: Gentoo: Hardened

SELinux bughunt

 

 



sven.vermeulen at siphos

Jul 21, 2011, 3:06 AM

Post #1 of 15 (708 views)
SELinux bughunt

Hi guys,

The SELinux bugs are "piling" up but most of them are resolved and I'd like to
use the STATUS field to keep track of which bugs are actually still open...

Considering the available states in the status field in bugzilla, I think it
is a nice idea to say:

UNCONFIRMED = reported, not taken up
CONFIRMED   = reported and considered valid
IN_PROGRESS = taken up by a developer, fix might be available (ask developer)
RESOLVED    = fix available, waiting QA. Fix might be in hardened-dev.git
              or another overlay
VERIFIED    = fix available and accepted. Fix might be in ~arch
FIXED       = fix available and in portage tree "arch" status

I know it looks like some bureaucratic nonsense for some, but at least that
allows poor developers like me to see which bugs are still open for grabs,
which are awaiting stabilization, which still need to be pushed to portage
tree, etc.

Considering the above (but also recent updates and fixes), the following
bugs need to be altered. Perhaps someone can take care of this for me?

#283274 - Mark as FIXED
#134129 - Mark as WONTFIX (we do not support SELinux and PPC)
#274239 - Mark as FIXED
#306393 - Mark as VERIFIED
#257111 - Mark as VERIFIED
#275085 - Mark as RESOLVED
#211374 - Mark as IN_PROGRESS
#368795 - Mark as RESOLVED
#365761 - Mark as CONFIRMED
#370765 - Mark as RESOLVED NEEDINFO + comment that the bug needs to be reopened then
#371831 - Mark as RESOLVED
#369089 - Mark as VERIFIED
#371425 - Mark as VERIFIED
#374991 - Mark as FIXED
#375475 - Mark as CONFIRMED
#375617 - Mark as IN_PROGRESS
#373381 - Mark as CONFIRMED

Thanks in advance.

Wkr,
Sven Vermeulen


gizmo at giz-works

Jul 21, 2011, 6:47 AM

Post #2 of 15 (695 views)
Re: SELinux bughunt

On Thu, July 21, 2011 5:06 am, Sven Vermeulen wrote:
> Hi guys,
>
> The SELinux bugs are "piling" up but most of them are resolved and I'd like to
> use the STATUS field to keep track of which bugs are actually still open...
>
> Considering the available states in the status field in bugzilla, I think it
> is a nice idea to say:

Is there not already a standard definition of what these statuses mean?
If so, why not use that, rather than defining our own definitions within
the SELinux team?

Later,
Gizmo


sven.vermeulen at siphos

Jul 21, 2011, 6:55 AM

Post #3 of 15 (699 views)
Re: SELinux bughunt

On Thu, Jul 21, 2011 at 3:47 PM, Chris Richards <gizmo [at] giz-works> wrote:

> Is there not already a standard definition of what these statuses mean?
> If so, why not use that, rather than defining our own definitions within
> the SELinux team?

There is, and the definition I gave earlier matches on it. Problem is that
the definitions are ambiguous.

Wkr,
Sven Vermeulen


basile at opensource

Jul 22, 2011, 3:37 AM

Post #4 of 15 (688 views)
Re: SELinux bughunt


On 07/21/2011 06:06 AM, Sven Vermeulen wrote:
> Hi guys,
>
> The SELinux bugs are "piling" up but most of them are resolved and I'd like to
> use the STATUS field to keep track of which bugs are actually still open...
>
> Considering the available states in the status field in bugzilla, I think it
> is a nice idea to say:
>
> UNCONFIRMED = reported, not taken up
> CONFIRMED   = reported and considered valid
> IN_PROGRESS = taken up by a developer, fix might be available (ask developer)
> RESOLVED    = fix available, waiting QA. Fix might be in hardened-dev.git
>               or another overlay
> VERIFIED    = fix available and accepted. Fix might be in ~arch
> FIXED       = fix available and in portage tree "arch" status
>
> I know it looks like some bureaucratic nonsense for some, but at least that
> allows poor developers like me to see which bugs are still open for grabs,
> which are awaiting stabilization, which still need to be pushed to portage
> tree, etc.
>
> Considering the above (but also recent updates and fixes), the following
> bugs need to be altered. Perhaps someone can take care of this for me?
>
> #283274 - Mark as FIXED
> #134129 - Mark as WONTFIX (we do not support SELinux and PPC)
> #274239 - Mark as FIXED
> #306393 - Mark as VERIFIED
> #257111 - Mark as VERIFIED
> #275085 - Mark as RESOLVED
> #211374 - Mark as IN_PROGRESS
> #368795 - Mark as RESOLVED
> #365761 - Mark as CONFIRMED
> #370765 - Mark as RESOLVED NEEDINFO + comment that the bug needs to be reopened then
> #371831 - Mark as RESOLVED
> #369089 - Mark as VERIFIED
> #371425 - Mark as VERIFIED
> #374991 - Mark as FIXED
> #375475 - Mark as CONFIRMED
> #375617 - Mark as IN_PROGRESS
> #373381 - Mark as CONFIRMED
>
> Thanks in advance.
>
> Wkr,
> Sven Vermeulen

I'll get them.



--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197


coolio at ymail

Jul 22, 2011, 7:27 AM

Post #5 of 15 (685 views)
Re: SELinux bughunt

Hello,

Bug #283274 is NOT FIXED. I just updated my system last night and I got a segment fault with trying to encrypt a partition in luks format. Not only that, but I used to copy the patch and patch the ebuild to overcome this. For some strange reason, the patch no longer works. In addition, it would have been nice if the patch was included in the original ebuild as it will be a long time before glibc-12.3-r2 will be unmasked. I have posted the results in the bug report.


Thank you,
-Darin Hensley







sven.vermeulen at siphos

Jul 22, 2011, 8:08 AM

Post #6 of 15 (687 views)
Re: SELinux bughunt

On Fri, Jul 22, 2011 at 07:27:23AM -0700, d hee wrote:
> Bug #283274 is NOT FIXED. I just updated my system last night and I got a
> segment fault with trying to encrypt a partition in luks format. Not only
> that, but I used to copy the patch and patch the ebuild to overcome this.
> For some strange reason, the patch no longer works. In addition, it would
> have been nice if the patch was included in the original ebuild as it will
> be a long time before glibc-12.3-r2 will be unmasked. I have posted the
> results in the bug report.

Bug #283274 is about app-admin/setools-3.3.6 not being able to be built,
which was confirmed fixed by the reporter. It doesn't talk about encryption
or luks.

I guess you mean bug #361911, which is about cryptsetup. This one is still
open.

Wkr,
Sven Vermeulen


coolio at ymail

Jul 22, 2011, 11:07 AM

Post #7 of 15 (698 views)
Re: SELinux bughunt

No, Bug #283274 is about segmentation fault when encrypting a Luks partition:

From the original poster:

"Trying to run the following command always results in the following:

luffy ~ # /sbin/cryptsetup --cipher=aes-cbc-essiv:sha256 -s 256 luksFormat /dev/md0

WARNING!
========
This will overwrite data on /dev/md0 irrevocably.
Are you sure? (Type uppercase yes): YES
Segmentation fault (core dumped)

I have two nearly identical systems (CPU,Mobo,etc) one running gentoo-sources
(phoenix) and hardened-sources (luffy).

Reproducible: Always

Steps to Reproduce:
1. luffy ~ # /sbin/cryptsetup --cipher=aes-cbc-essiv:sha256 -s 256 luksFormat /dev/md0
2. Type "YES"
3. View segfault

Actual Results:
luffy ~ # /sbin/cryptsetup --cipher=aes-cbc-essiv:sha256 -s 256 luksFormat /dev/md0

WARNING!
========
This will overwrite data on /dev/md0 irrevocably.
Are you sure? (Type uppercase yes): YES
Segmentation fault (core dumped)"


This was dated back in 2009. Then a patch fixed the problem. But the patch no longer works. This happened on my system last night after a rebuild from a world update.

Thank you,
Darin









basile at opensource

Jul 22, 2011, 12:33 PM

Post #8 of 15 (686 views)
Re: SELinux bughunt

On 07/22/2011 02:07 PM, d hee wrote:
> No, Bug #283274 is about segmentation fault when encrypting a Luks partition:

Please look at the following links:

https://bugs.gentoo.org/show_bug.cgi?id=283274

https://bugs.gentoo.org/show_bug.cgi?id=283470



--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197


coolio at ymail

Jul 23, 2011, 1:54 PM

Post #9 of 15 (684 views)
Re: SELinux bughunt

Can anything be done about this bug (that is originally 2 years old)? Since the patch no longer works, and I cannot install glibc-2.13-r2 because of its own problems, I cannot create a Luks partition that I need to create.







kutulu at kutulu

Jul 23, 2011, 6:30 PM

Post #10 of 15 (682 views)
Re: SELinux bughunt

On 7/23/2011 4:54 PM, d hee wrote:
> Can anything be done about this bug (that is originally 2 years old)? Since the patch no longer works, and I cannot install glibc-2.13-r2 because of its own problems, I cannot create a Luks partition that I need to create.

You did the right thing by posting an update to the bug
tracker, but you missed a step from the error message:

* Include in your bugreport the contents of:
*
* /var/tmp/portage/sys-fs/cryptsetup-1.1.3-r3/temp/newpatch.patch.out

The patch is failing because the source is too different
from what it's expecting; someone just needs to re-roll the
patch. Posting the output of that file into the bug report
may improve the chances of that happening quickly.

--Mike


zorry at gentoo

Jul 24, 2011, 5:16 AM

Post #11 of 15 (677 views)
Re: SELinux bughunt

On Saturday, 23 July 2011 13.54.47, d hee wrote:
> Can anything be done about this bug (that is originally 2 years old)? Since
> the patch no longer works, and I cannot install glibc-2.13-r2 because of
> its own problems, I cannot create a Luks partition that I need to create.

Make a dir /etc/portage/patches/sys-libs/glibc
Put the last patch from the bug in there and then recompile glibc.
Works fine for me.

* Done with patching
* Applying user patches from /etc/portage/patches/sys-libs/glibc ...
* __restore_rt_attribute_hidden.patch ... [ ok ]
* Done with patching


/Magnus (Zorry)


coolio at ymail

Jul 24, 2011, 1:29 PM

Post #12 of 15 (674 views)
Re: SELinux bughunt

I'm currently not able to recompile glibc. I tried and I keep getting a force unwind config error (this is a multi lib system). This is a pretty new system built about a month and a half ago. I checked with gcc-config and I am using the latest non masked compiler available from portage.





coolio at ymail

Jul 25, 2011, 11:45 PM

Post #13 of 15 (653 views)
Re: SELinux bughunt

Opened bug #376431 with necessary system information attached.





coolio at ymail

Jul 26, 2011, 12:06 AM

Post #14 of 15 (653 views)
Re: SELinux bughunt

Ok, I attached all the information...including the patch output.


I'm not sure why, but I might have gotten the bug number wrong or there was some kind of mix-up with the bug numbers, but it is bug #283470.




coolio at ymail

Jul 26, 2011, 8:19 AM

Post #15 of 15 (650 views)
Re: SELinux bughunt

 https://bugs.gentoo.org/376485 "Selinux policycoreutils-2.0.82 fails to compile because of python"

Added




