Debian Bug report logs - #970027
policy-rcd-declarative: please provide a package with a deny-all rule

version graph

Package: src:policy-rcd-declarative; Maintainer for src:policy-rcd-declarative is Wouter Verhelst <wouter@debian.org>;

Reported by: Mattia Rizzolo <mattia@debian.org>

Date: Thu, 10 Sep 2020 11:45:02 UTC

Severity: wishlist

Found in version policy-rcd-declarative/0.3

Fixed in version policy-rcd-declarative/0.4

Done: Wouter Verhelst <wouter@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, wb-team@buildd.debian.org, Wouter Verhelst <wouter@debian.org>:
Bug#970027; Package src:policy-rcd-declarative. (Thu, 10 Sep 2020 11:45:04 GMT) (full text, mbox, link).

Message #3 received at submit@bugs.debian.org (full text, mbox, reply):

From: Mattia Rizzolo <mattia@debian.org>
To: submit@bugs.debian.org
Subject: policy-rcd-declarative: please provide a package with a deny-all rule
Date: Thu, 10 Sep 2020 13:40:56 +0200
[Message part 1 (text/plain, inline)]
Source: policy-rcd-declarative
Version: 0.3
Severity: wishlist
X-Debbugs-Cc: Debian Buildd Team <wb-team@buildd.debian.org>


Dear maintainer,

The buildd.d.o team took up on your experiment and started using this
package in place of dropping a file in the chroots' /usr/local/sbin.

See:
    https://salsa.debian.org/dsa-team/mirror/dsa-puppet/-/commit/abacce72bdc2417961cab2704ef3881f6d15d654
    https://bugs.debian.org/969084

In that bug I propose a further improvement, that is to provide the
deny-all configuration from a package instead of having the
configuration file manually managed.

Could you please add a binary package (that I tentatively named
policy-rcd-declarative-deny-all) providing a conffile
    /etc/service-policy.d/99-buildd-deny-all
with the content
    .* .* deny
?
(I named the file 99 so that the users can place their overrides first.)


Thank you for your input!

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
More about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-

[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Wouter Verhelst <wouter@debian.org>:
Bug#970027; Package src:policy-rcd-declarative. (Thu, 10 Sep 2020 12:15:02 GMT) (full text, mbox, link).

Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to Wouter Verhelst <wouter@debian.org>. (Thu, 10 Sep 2020 12:15:02 GMT) (full text, mbox, link).

Message #8 received at submit@bugs.debian.org (full text, mbox, reply):

From: Aurelien Jarno <aurelien@aurel32.net>
To: Mattia Rizzolo <mattia@debian.org>, 970027@bugs.debian.org
Cc: submit@bugs.debian.org
Subject: Re: Bug#970027: policy-rcd-declarative: please provide a package with a deny-all rule
Date: Thu, 10 Sep 2020 14:13:42 +0200
[Message part 1 (text/plain, inline)]
On 2020-09-10 13:40, Mattia Rizzolo wrote:
> Source: policy-rcd-declarative
> Version: 0.3
> Severity: wishlist
> X-Debbugs-Cc: Debian Buildd Team <wb-team@buildd.debian.org>
> 
> 
> Dear maintainer,
> 
> The buildd.d.o team took up on your experiment and started using this
> package in place of dropping a file in the chroots' /usr/local/sbin.
> 
> See:
>     https://salsa.debian.org/dsa-team/mirror/dsa-puppet/-/commit/abacce72bdc2417961cab2704ef3881f6d15d654
>     https://bugs.debian.org/969084
> 
> In that bug I propose a further improvement, that is to provide the
> deny-all configuration from a package instead of having the
> configuration file manually managed.
> 
> Could you please add a binary package (that I tentatively named
> policy-rcd-declarative-deny-all) providing a conffile
>     /etc/service-policy.d/99-buildd-deny-all
> with the content
>     .* .* deny
> ?
> (I named the file 99 so that the users can place their overrides first.)

Note that the file should have a .pol extension to be considered.

Regards,
Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net

[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Wouter Verhelst <wouter@debian.org>:
Bug#970027; Package src:policy-rcd-declarative. (Thu, 10 Sep 2020 12:15:04 GMT) (full text, mbox, link).

Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to Wouter Verhelst <wouter@debian.org>. (Thu, 10 Sep 2020 12:15:04 GMT) (full text, mbox, link).

Message sent on to Mattia Rizzolo <mattia@debian.org>:
Bug#970027. (Thu, 10 Sep 2020 13:09:02 GMT) (full text, mbox, link).

Message #16 received at 970027-submitter@bugs.debian.org (full text, mbox, reply):

From: Wouter Verhelst <noreply@salsa.debian.org>
To: 970027-submitter@bugs.debian.org
Subject: Bug#970027 marked as pending in policy-rcd-declarative
Date: Thu, 10 Sep 2020 13:05:43 +0000
Control: tag -1 pending

Hello,

Bug #970027 in policy-rcd-declarative reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/wouter/policy-decl/-/commit/e1cf1a2f4c87034ef722802d62fffc1eb55f24fb

------------------------------------------------------------------------
Split out the package into a "policy-rcd-declarative-allow-all" and "policy-rcd-declarative" package, and add a "policy-rcd-declarative-deny-all" package that provides an alternate default policy (denying all requests for service startup). Closes: #970027
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/970027

Added tag(s) pending. Request was from Wouter Verhelst <noreply@salsa.debian.org> to 970027-submitter@bugs.debian.org. (Thu, 10 Sep 2020 13:09:03 GMT) (full text, mbox, link).

Reply sent to Wouter Verhelst <wouter@debian.org>:
You have taken responsibility. (Wed, 16 Sep 2020 10:03:07 GMT) (full text, mbox, link).

Notification sent to Mattia Rizzolo <mattia@debian.org>:
Bug acknowledged by developer. (Wed, 16 Sep 2020 10:03:07 GMT) (full text, mbox, link).

Message #23 received at 970027-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 970027-close@bugs.debian.org
Subject: Bug#970027: fixed in policy-rcd-declarative 0.4
Date: Wed, 16 Sep 2020 10:00:12 +0000
Source: policy-rcd-declarative
Source-Version: 0.4
Done: Wouter Verhelst <wouter@debian.org>

We believe that the bug you reported is fixed in the latest version of
policy-rcd-declarative, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 970027@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Wouter Verhelst <wouter@debian.org> (supplier of updated policy-rcd-declarative package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 10 Sep 2020 15:38:03 +0200
Source: policy-rcd-declarative
Binary: policy-rcd-declarative policy-rcd-declarative-allow-all policy-rcd-declarative-deny-all
Architecture: source all
Version: 0.4
Distribution: unstable
Urgency: medium
Maintainer: Wouter Verhelst <wouter@debian.org>
Changed-By: Wouter Verhelst <wouter@debian.org>
Description:
 policy-rcd-declarative - policy-rc.d script with declarative syntax
 policy-rcd-declarative-allow-all - Permissive default policy for policy-rcd-declarative
 policy-rcd-declarative-deny-all - Blocking default policy for policy-rcd-declarative
Closes: 970027
Changes:
 policy-rcd-declarative (0.4) unstable; urgency=medium
 .
   * Split out the package into a "policy-rcd-declarative-allow-all" and
     "policy-rcd-declarative" package, and add a
     "policy-rcd-declarative-deny-all" package that provides an alternate
     default policy (denying all requests for service startup).
     Closes: #970027
Checksums-Sha1:
 0022975c3f1865cb68b7f96afaa1361edb9dfd42 1804 policy-rcd-declarative_0.4.dsc
 e911ebf78eb741bbda77197eee4bc9cb6571ba21 5556 policy-rcd-declarative_0.4.tar.xz
 5d559c1446d6f42287372f7058f54d4e3b75b64a 2948 policy-rcd-declarative-allow-all_0.4_all.deb
 5c6e0773b31b070c6ee8988dfd697a96b194645e 2876 policy-rcd-declarative-deny-all_0.4_all.deb
 aee8203be4eecf7bfba532a95cf28902c4d9d1be 11000 policy-rcd-declarative_0.4_all.deb
 98df137809a05382b23ade4600f05cd1fa8e931a 5930 policy-rcd-declarative_0.4_amd64.buildinfo
Checksums-Sha256:
 9cb86f9a5ddf079501fcc22a95a62ee1f7ed853ce2b70715cb2ffb14215ce058 1804 policy-rcd-declarative_0.4.dsc
 148fbc56995cf9e00630fd984fc591841cd231c1a33052b908c1a395a0f69aa3 5556 policy-rcd-declarative_0.4.tar.xz
 787603edd6f1fc0e6af0deb095daa255b8f73fe8aa44f2d11906ab36b80077ff 2948 policy-rcd-declarative-allow-all_0.4_all.deb
 27e2c27520f648bd5d33bdd99b177e110de0df929573bc7a5b7e340e1826a3aa 2876 policy-rcd-declarative-deny-all_0.4_all.deb
 282e3b9d4ef0914842bd524f7f6c3c6c4e465ffe84f46f463cebe0afd2703d0b 11000 policy-rcd-declarative_0.4_all.deb
 04e13bace6d5b95e6a7f20aa414b8e09a17424d557ef7cdf6150d8a89b1fc6a1 5930 policy-rcd-declarative_0.4_amd64.buildinfo
Files:
 13e80246271d4396619df4ad1d8cf0b3 1804 admin optional policy-rcd-declarative_0.4.dsc
 703e22bf1cbb3b01575fa0d76a4a676b 5556 admin optional policy-rcd-declarative_0.4.tar.xz
 29ee49678b588ed5f7571ada91ca93c0 2948 admin optional policy-rcd-declarative-allow-all_0.4_all.deb
 7aff361e0c143fce15e5707834354817 2876 admin optional policy-rcd-declarative-deny-all_0.4_all.deb
 f914c818f95f3481469ba14a26fbf1fc 11000 admin optional policy-rcd-declarative_0.4_all.deb
 e97beb7ed815adb31c73bd105ec6791b 5930 admin optional policy-rcd-declarative_0.4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEm2n98/DaCUgGYSn3LfxRmVQYEpYFAl9aLNASHHdvdXRlckBk
ZWJpYW4ub3JnAAoJEC38UZlUGBKW3boP/A/EF28FfMcLI1x62AG/15x/qFzM1wUf
1Hssrua+m0rH1uylDZ0Oyr2xl6SNnlvy761Q0b2c90uRFzbDKf2f4TG+Raewvivu
c72trYhQe/zpc/7ElTHq/gvAczPXl+iA+1pfhPPB/3IjyVoZpzeH7rJdIsrmDyQq
54i93KDRx522GRhRTHee0EYwy1KIndJ7mGGytyNsOWWGZ92G7tCpCalcMzxRJWQx
nIpAlOH10UGp445aLdZyEo6YNovt7TUZ01tER1pKEGqgq9PFGCo4oX6lWgKgLp46
HgZ6yTQM+A0YiLDtpO6EUHXCANGE25/uSoC1wgmB2n1IHFd4HCtxTw7rGysWdsoH
nlZBDbnwGObzUiK3XWmKVnUWB2H+dOgfzrN/13DuYSLKGv2o+lNV++eV3nXbJjoV
eSkqtaasml1o62eFdFiMa6VynjSLcVJvR9+2MZ/O8TPv77eXMUZuJb/yTlohphiJ
y42CtBQO5tdKh4t4PMJtWRIFg29a4Q06QRWTqGbk8HvzkeNll5Jb1lVPIMRuRGm4
08ThsfM8zeCGJNiLFx47nhk8/EOuaZRbSCQZf2JhBrIGP0xYm9VvHN1O0IfVYxI3
x6sAT3VPnAOoXv7pbU099CIzvi7OKy8hzFZg4+J6iexZ5in8wpJRGweCOGGMZabe
jgZoeVZfzJoO
=VdaS
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 08 Nov 2020 07:26:41 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 17 10:30:00 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.