Devuan logs - #851, boring messages


Message sent to [email protected], [email protected], [email protected]:


X-Loop: [email protected]
Subject: bug#851: openrc: Incorrect handling of 'no_new_privs' in openrc-run
Reply-To: murzik <[email protected]>, [email protected]
Resent-From: murzik <[email protected]>
Resent-To: [email protected]
Resent-CC: [email protected], [email protected]
X-Loop: [email protected]
Resent-Date: Tue, 02 Jul 2024 14:14:01 +0000
Resent-Message-ID: <[email protected]>
Resent-Sender: [email protected]
X-Devuan-PR-Message: report 851
X-Devuan-PR-Package: openrc
X-Devuan-PR-Keywords: patch
Received: via spool by [email protected] id=B.171992961319698
          (code B); Tue, 02 Jul 2024 14:14:01 +0000
Received: (at submit) by bugs.devuan.org; 2 Jul 2024 14:13:33 +0000
Delivered-To: [email protected]
Received: from email.devuan.org [2a01:4f9:fff1:13::5fd9:f9e4]
	by doc.devuan.org with IMAP (fetchmail-6.4.16)
	for <debbugs@localhost> (single-drop); Tue, 02 Jul 2024 14:13:33 +0000 (UTC)
Received: from email.devuan.org
	by email.devuan.org with LMTP
	id QHhXMdUKhGbzXwAAmSBk0A
	(envelope-from <[email protected]>)
	for <[email protected]>; Tue, 02 Jul 2024 14:12:37 +0000
Received: by email.devuan.org (Postfix, from userid 109)
	id B24394A0; Tue,  2 Jul 2024 14:12:37 +0000 (UTC)
Authentication-Results: email.devuan.org;
	dkim=pass (2048-bit key; unprotected) header.d=gmail.com [email protected] header.a=rsa-sha256 header.s=20230601 header.b=MwSjUzz4;
	dkim-atps=neutral
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::341; helo=mail-wm1-x341.google.com; [email protected]; receiver=<UNKNOWN> 
Received: from mail-wm1-x341.google.com (mail-wm1-x341.google.com [IPv6:2a00:1450:4864:20::341])
	by email.devuan.org (Postfix) with ESMTPS id 7659981
	for <[email protected]>; Tue,  2 Jul 2024 14:12:35 +0000 (UTC)
Received: by mail-wm1-x341.google.com with SMTP id 5b1f17b1804b1-42138eadf64so30411515e9.3
        for <[email protected]>; Tue, 02 Jul 2024 07:12:35 -0700 (PDT)
X-Received: by 2002:a05:600c:4589:b0:424:abef:e952 with SMTP id 5b1f17b1804b1-4257a05fa08mr56936375e9.29.1719929553972;
        Tue, 02 Jul 2024 07:12:33 -0700 (PDT)
Received: from [192.168.0.70] ([188.113.129.161])
        by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4256d664052sm190311485e9.27.2024.07.02.07.12.32
        for <[email protected]>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 02 Jul 2024 07:12:33 -0700 (PDT)
Date: Wed, 03 Jul 2024 01:12:57 +1100
From: murzik <[email protected]>
To: [email protected]
Message-Id: <[email protected]>
X-Mailer: geary/43.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=-SyMU96NB4oB+1PMXweai"

--=-SyMU96NB4oB+1PMXweai
Content-Type: text/plain; charset=us-ascii; format=flowed

Subject: openrc: Incorrect handling of 'no_new_privs' in openrc-run
Package: openrc
X-Debbugs-Cc: [email protected]
Version: 0.45.2-2+deb12u1
Severity: grave
Justification: renders package unusable
Tags: patch

Dear Maintainer,
Supervise-daemon handler
supervise_daemon.sh (/lib/rc/sh/supervise-daemon.sh) for openrc-run
has problems with handling the no_new_privs parameter!
At line 41 we have the following code:
   ${no_new_privs:+--no_new_privs} \
And there is no '--no_new_privs' option in supervise-daemon, only
'--no-new-privs'.
So, line 41 should be replaced with
   ${no_new_privs:+--no-new-privs} \
But this is not the only problem.
Instead of checking if 'no_new_privs' is set to a positive boolean value,
we are just checking if it's not empty! So, if there is 'no_new_privs=false'
or even 'no_new_privs=BlaBla' in the service file, we are setting the
'--no-new-privs' flag anyway!
I think the following code:
 if ! yesno "$no_new_privs"; then
  no_new_privs=""
 fi
should be added before line 23.
With that, everything works as expected and there is no more
'--no-new-privs' flag if the 'no_new_privs' option is not a positive
boolean value.


-- System Information:
Distributor ID: Devuan
Description: Devuan GNU/Linux 5 (daedalus)
Release: 5
Codename: daedalus
Architecture: x86_64

Kernel: Linux 6.1.0-22-amd64 (SMP w/6 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: OpenRC (via /run/openrc), PID 1: openrc-init

Versions of packages openrc depends on:
ii insserv 1.24.0-1
ii libaudit1 1:3.0.9-1
ii libc6 2.36-9+deb12u7
ii libeinfo1 0.45.2-2+deb12u1
ii libpam0g 1.5.2-6+deb12u1
ii librc1 0.45.2-2+deb12u1
ii libselinux1 3.4-1+b6

openrc recommends no packages.

Versions of packages openrc suggests:
pn policycoreutils <none>
pn sysvinit-core <none>

-- Configuration Files:
/etc/init.d/agetty [Errno 13] Permission denied: '/etc/init.d/agetty'
/etc/init.d/cgroups [Errno 13] Permission denied: '/etc/init.d/cgroups'
/etc/init.d/rc [Errno 13] Permission denied: '/etc/init.d/rc'
/etc/init.d/rcS [Errno 13] Permission denied: '/etc/init.d/rcS'
/etc/init.d/savecache [Errno 13] Permission denied: '/etc/init.d/savecache'
/etc/rc.conf changed [not included]

-- no debconf information

-- debsums errors found:
debsums: changed file /lib/rc/sh/supervise-daemon.sh (from openrc package)



--=-SyMU96NB4oB+1PMXweai--
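
The two defects described in the report above, reproduced side by side as an added example (not code from the reporter or from the openrc package). The `yesno` function here is a simplified stand-in for OpenRC's helper, and the function names, the sample values and the `name=value` sample settings are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not the contents of /lib/rc/sh/supervise-daemon.sh.

# Simplified stand-in for OpenRC's yesno helper (assumption: only these
# positive spellings are modelled; everything else counts as "no").
yesno() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Line 41 as quoted in the report: misspelled option, and ${var:+word}
# expands to word for ANY non-empty value.
flag_as_shipped() {
    no_new_privs=$1
    printf '%s' "${no_new_privs:+--no_new_privs}"
}

# Spelling corrected only: "false" and "BlaBla" still produce the flag.
flag_spelling_only() {
    no_new_privs=$1
    printf '%s' "${no_new_privs:+--no-new-privs}"
}

# Both changes from the report: normalise with yesno, then expand.
flag_with_yesno() {
    no_new_privs=$1
    if ! yesno "$no_new_privs"; then
        no_new_privs=""
    fi
    printf '%s' "${no_new_privs:+--no-new-privs}"
}

# One row per constructed sample value, showing what each variant emits.
compare_all() {
    for v in "" yes true false BlaBla; do
        printf '%-8s shipped=%-16s spelling=%-16s yesno=%s\n' \
            "'$v'" "$(flag_as_shipped "$v")" \
            "$(flag_spelling_only "$v")" "$(flag_with_yesno "$v")"
    done
}

# Defender check: read simple name=value lines on stdin and print every
# no_new_privs value that is non-empty but not a positive boolean, i.e.
# the settings the unpatched expansion would turn into a flag anyway.
audit_settings() {
    while IFS= read -r line; do
        case "$line" in
            no_new_privs=*) ;;
            *) continue ;;
        esac
        val=${line#no_new_privs=}
        # Strip one layer of surrounding quotes, if present.
        val=${val#\"}; val=${val%\"}
        val=${val#\'}; val=${val%\'}
        if [ -n "$val" ] && ! yesno "$val"; then
            printf '%s\n' "$val"
        fi
    done
}

# Constructed sample settings (not taken from any real service file).
SAMPLE_CONF='command=/usr/bin/exampled
no_new_privs="false"
no_new_privs=yes
no_new_privs=BlaBla'

compare_all
printf '%s\n' "$SAMPLE_CONF" | audit_settings
```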

Message sent:


Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
X-Loop: [email protected]
From: "Devuan bug Tracking System" <[email protected]>
To: murzik <[email protected]>
Subject: bug#851: Acknowledgement (openrc: Incorrect handling of
 'no_new_privs' in openrc-run)
Message-ID: <[email protected]>
References: <[email protected]>
X-Devuan-PR-Message: ack 851
X-Devuan-PR-Package: openrc
X-Devuan-PR-Keywords: patch
Reply-To: [email protected]
Date: Tue, 02 Jul 2024 14:14:03 +0000

Thank you for filing a new bug report with Devuan.

You can follow progress on this bug here: 851: https://bugs.devuan.org/cgi/bugreport.cgi?bug=851.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

As you requested using X-Debbugs-CC, your message was also forwarded to
  [email protected]
(after having been given a bug report number, if it did not have one).

Your message has been sent to the package maintainer(s):
 [email protected]

If you wish to submit further information on this problem, please
send it to [email protected].

Please do not send mail to [email protected] unless you wish
to report a problem with the Bug-tracking system.

-- 
851: https://bugs.devuan.org/cgi/bugreport.cgi?bug=851
Devuan Bug Tracking System
Contact [email protected] with problems

Message sent to [email protected], [email protected]:


X-Loop: [email protected]
Subject: bug#851: openrc: Incorrect handling of 'no_new_privs' in openrc-run
Reply-To: Mark Hindley <[email protected]>, [email protected]
Resent-From: Mark Hindley <[email protected]>
Resent-To: [email protected]
Resent-CC: [email protected]
X-Loop: [email protected]
Resent-Date: Mon, 15 Jul 2024 16:36:01 +0000
Resent-Message-ID: <[email protected]>
Resent-Sender: [email protected]
X-Devuan-PR-Message: followup 851
X-Devuan-PR-Package: openrc
X-Devuan-PR-Keywords: patch
References: <[email protected]> <[email protected]>
Received: via spool by [email protected] id=B851.172106127925520
          (code B ref 851); Mon, 15 Jul 2024 16:36:01 +0000
Received: (at 851) by bugs.devuan.org; 15 Jul 2024 16:34:39 +0000
Delivered-To: [email protected]
Received: from email.devuan.org [2a01:4f9:fff1:13::5fd9:f9e4]
	by doc.devuan.org with IMAP (fetchmail-6.4.16)
	for <debbugs@localhost> (single-drop); Mon, 15 Jul 2024 16:34:39 +0000 (UTC)
Received: from email.devuan.org
	by email.devuan.org with LMTP
	id lrjSFV9PlWZMDAAAmSBk0A
	(envelope-from <[email protected]>)
	for <[email protected]>; Mon, 15 Jul 2024 16:33:35 +0000
Received: by email.devuan.org (Postfix, from userid 109)
	id 2DD143C4; Mon, 15 Jul 2024 16:33:34 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org
X-Spam-Level: 
X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> 
Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86])
	by email.devuan.org (Postfix) with ESMTPS id 7AAE61D
	for <[email protected]>; Mon, 15 Jul 2024 16:33:34 +0000 (UTC)
Received: from hindley.org.uk (apollo.hindleynet [192.168.1.3])
	by mx.hindley.org.uk (Postfix) with SMTP id 485E5C2;
	Mon, 15 Jul 2024 17:33:32 +0100 (BST)
Received: (nullmailer pid 28391 invoked by uid 1000);
	Mon, 15 Jul 2024 16:33:45 -0000
Date: Mon, 15 Jul 2024 17:33:45 +0100
From: Mark Hindley <[email protected]>
To: murzik <[email protected]>, [email protected]
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[email protected]>

Control: tags -1 upstream
Control: fixed -1 0.52.1-1

On Wed, Jul 03, 2024 at 01:12:57AM +1100, murzik wrote:
>    Subject: openrc: Incorrect handling of 'no_new_privs' in openrc-run
>    Package: openrc
>    X-Debbugs-Cc: [email protected]
>    Version: 0.45.2-2+deb12u1
>    Severity: grave
>    Justification: renders package unusable
>    Tags: patch
>    Dear Maintainer,
>    Supervise-daemon handler
>    supervise_daemon.sh(/lib/rc/sh/supervise-daemon.sh) for openrc-run
>    has problems with handling the no_new_privs parameter!
>    at line 41 we have the following code:
>       ${no_new_privs:+--no_new_privs} \
>    And there is no '--no_new_privs' option in supervise-daemon, only
>    '--no-new-privs'.
>    So, line 41 should be replaced with
>       ${no_new_privs:+--no-new-privs} \

Thanks. This was fixed upstream in version 0.52.1.

Mark

Message received at [email protected]:


Received: (at 851) by bugs.devuan.org; 15 Jul 2024 16:34:39 +0000
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from email.devuan.org [2a01:4f9:fff1:13::5fd9:f9e4]
	by doc.devuan.org with IMAP (fetchmail-6.4.16)
	for <debbugs@localhost> (single-drop); Mon, 15 Jul 2024 16:34:39 +0000 (UTC)
Received: from email.devuan.org
	by email.devuan.org with LMTP
	id lrjSFV9PlWZMDAAAmSBk0A
	(envelope-from <[email protected]>)
	for <[email protected]>; Mon, 15 Jul 2024 16:33:35 +0000
Received: by email.devuan.org (Postfix, from userid 109)
	id 2DD143C4; Mon, 15 Jul 2024 16:33:34 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org
X-Spam-Level: 
X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> 
Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86])
	by email.devuan.org (Postfix) with ESMTPS id 7AAE61D
	for <[email protected]>; Mon, 15 Jul 2024 16:33:34 +0000 (UTC)
Received: from hindley.org.uk (apollo.hindleynet [192.168.1.3])
	by mx.hindley.org.uk (Postfix) with SMTP id 485E5C2;
	Mon, 15 Jul 2024 17:33:32 +0100 (BST)
Received: (nullmailer pid 28391 invoked by uid 1000);
	Mon, 15 Jul 2024 16:33:45 -0000
Date: Mon, 15 Jul 2024 17:33:45 +0100
From: Mark Hindley <[email protected]>
To: murzik <[email protected]>, [email protected]
Subject: Re: bug#851: openrc: Incorrect handling of 'no_new_privs' in
 openrc-run
Message-ID: <[email protected]>
References: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[email protected]>
X-Debbugs-No-Ack: No Thanks

Control: tags -1 upstream
Control: fixed -1 0.52.1-1

On Wed, Jul 03, 2024 at 01:12:57AM +1100, murzik wrote:
>    Subject: openrc: Incorrect handling of 'no_new_privs' in openrc-run
>    Package: openrc
>    X-Debbugs-Cc: [email protected]
>    Version: 0.45.2-2+deb12u1
>    Severity: grave
>    Justification: renders package unusable
>    Tags: patch
>    Dear Maintainer,
>    Supervise-daemon handler
>    supervise_daemon.sh(/lib/rc/sh/supervise-daemon.sh) for openrc-run
>    has problems with handling the no_new_privs parameter!
>    at line 41 we have the following code:
>       ${no_new_privs:+--no_new_privs} \
>    And there is no '--no_new_privs' option in supervise-daemon, only
>    '--no-new-privs'.
>    So, line 41 should be replaced with
>       ${no_new_privs:+--no-new-privs} \

Thanks. This was fixed upstream in version 0.52.1.

Mark

Message sent:


MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
X-Loop: [email protected]
From: "Devuan bug Tracking System" <[email protected]>
To: Mark Hindley <[email protected]>
Subject: bug#851: marked as done (openrc: Incorrect handling of
 'no_new_privs' in openrc-run)
Message-ID: <[email protected]>
References: <[email protected]> <[email protected]>
X-Devuan-PR-Message: closed 851
X-Devuan-PR-Package: openrc
X-Devuan-PR-Keywords: upstream patch
Reply-To: [email protected]
Date: Tue, 16 Jul 2024 16:00:01 +0000
Content-Type: multipart/mixed; boundary="----------=_1721145601-9747-0"

This is a multi-part message in MIME format...

------------=_1721145601-9747-0
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Your message dated Tue, 16 Jul 2024 16:57:46 +0100
with message-id <[email protected]>
and subject line Re: bug#851: openrc: Incorrect handling of 'no_new_privs' in openrc-run
has caused the Devuan bug report #851,
regarding openrc: Incorrect handling of 'no_new_privs' in openrc-run
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
851: https://bugs.devuan.org/cgi/bugreport.cgi?bug=851
Devuan Bug Tracking System
Contact [email protected] with problems

------------=_1721145601-9747-0
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at 851-done) by bugs.devuan.org; 16 Jul 2024 15:58:19 +0000
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from email.devuan.org [2a01:4f9:fff1:13::5fd9:f9e4]
	by doc.devuan.org with IMAP (fetchmail-6.4.16)
	for <debbugs@localhost> (single-drop); Tue, 16 Jul 2024 15:58:19 +0000 (UTC)
Received: from email.devuan.org
	by email.devuan.org with LMTP
	id lOiiFX+YlmZiRAAAmSBk0A
	(envelope-from <[email protected]>)
	for <[email protected]>; Tue, 16 Jul 2024 15:57:51 +0000
Received: by email.devuan.org (Postfix, from userid 109)
	id 2749F404; Tue, 16 Jul 2024 15:57:50 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org
X-Spam-Level: 
X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> 
Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86])
	by email.devuan.org (Postfix) with ESMTPS id DEE6A81
	for <[email protected]>; Tue, 16 Jul 2024 15:57:47 +0000 (UTC)
Received: from hindley.org.uk (apollo.hindleynet [192.168.1.3])
	by mx.hindley.org.uk (Postfix) with SMTP id A3F16D0
	for <[email protected]>; Tue, 16 Jul 2024 16:57:46 +0100 (BST)
Received: (nullmailer pid 11450 invoked by uid 1000);
	Tue, 16 Jul 2024 15:57:46 -0000
Date: Tue, 16 Jul 2024 16:57:46 +0100
From: Mark Hindley <[email protected]>
To: [email protected]
Subject: Re: bug#851: openrc: Incorrect handling of 'no_new_privs' in
 openrc-run
Message-ID: <[email protected]>
References: <[email protected]>
 <[email protected]>
 <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[email protected]>
X-Debbugs-No-Ack: No Thanks

On Mon, Jul 15, 2024 at 05:33:45PM +0100, Mark Hindley wrote:
> Control: tags -1 upstream
> Control: fixed -1 0.52.1-1

Closing as fixed.

Mark
------------=_1721145601-9747-0--

Message sent:


MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
X-Loop: [email protected]
From: "Devuan bug Tracking System" <[email protected]>
To: murzik <[email protected]>
Subject: bug#851 closed by Mark Hindley <[email protected]> (Re:
 bug#851: openrc: Incorrect handling of 'no_new_privs' in openrc-run)
Message-ID: <[email protected]>
References: <[email protected]> <[email protected]>
X-Devuan-PR-Message: they-closed 851
X-Devuan-PR-Package: openrc
X-Devuan-PR-Keywords: upstream patch
Reply-To: [email protected]
Date: Tue, 16 Jul 2024 16:00:03 +0000
Content-Type: multipart/mixed; boundary="----------=_1721145603-9747-1"

This is a multi-part message in MIME format...

------------=_1721145603-9747-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

This is an automatic notification regarding your bug report
which was filed against the openrc package:

#851: openrc: Incorrect handling of 'no_new_privs' in openrc-run

It has been closed by Mark Hindley <[email protected]>.

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact Mark Hindley <mark@hindley.org.uk> by
replying to this email.


-- 
851: https://bugs.devuan.org/cgi/bugreport.cgi?bug=851
Devuan Bug Tracking System
Contact [email protected] with problems

------------=_1721145603-9747-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Date: Tue, 16 Jul 2024 16:57:46 +0100
From: Mark Hindley <[email protected]>
To: [email protected]
Subject: Re: bug#851: openrc: Incorrect handling of 'no_new_privs' in
 openrc-run
Message-ID: <[email protected]>
References: <[email protected]>
 <[email protected]>
 <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[email protected]>
X-Debbugs-No-Ack: No Thanks

On Mon, Jul 15, 2024 at 05:33:45PM +0100, Mark Hindley wrote:
> Control: tags -1 upstream
> Control: fixed -1 0.52.1-1

Closing as fixed.

Mark
------------=_1721145603-9747-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Date: Wed, 03 Jul 2024 01:12:57 +1100
From: murzik <[email protected]>
Subject: openrc: Incorrect handling of 'no_new_privs' in openrc-run
To: [email protected]
Message-Id: <[email protected]>
X-Mailer: geary/43.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=-SyMU96NB4oB+1PMXweai"

--=-SyMU96NB4oB+1PMXweai
Content-Type: text/plain; charset=us-ascii; format=flowed

Subject: openrc: Incorrect handling of 'no_new_privs' in openrc-run
Package: openrc
X-Debbugs-Cc: [email protected]
Version: 0.45.2-2+deb12u1
Severity: grave
Justification: renders package unusable
Tags: patch

Dear Maintainer,
Supervise-daemon handler
supervise_daemon.sh (/lib/rc/sh/supervise-daemon.sh) for openrc-run
has problems with handling the no_new_privs parameter!
At line 41 we have the following code:
   ${no_new_privs:+--no_new_privs} \
And there is no '--no_new_privs' option in supervise-daemon, only 
'--no-new-privs'.
So, line 41 should be replaced with
   ${no_new_privs:+--no-new-privs} \
But, this is not the only problem.
Instead of checking if 'no_new_privs' is set to a positive boolean value,
we are just checking if
it's not empty! So, if there is 'no_new_privs=false' or even
'no_new_privs=BlaBla' in the service file, we are setting the '--no-new-privs'
flag anyway!
I think, the following code:
 if ! yesno "$no_new_privs"; then
  no_new_privs=""
 fi
should be added before line 23.
With that, everything works as expected and there is no more
'--no-new-privs' flag if
the 'no_new_privs' option is not a positive boolean value.


-- System Information:
Distributor ID: Devuan
Description: Devuan GNU/Linux 5 (daedalus)
Release: 5
Codename: daedalus
Architecture: x86_64

Kernel: Linux 6.1.0-22-amd64 (SMP w/6 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: OpenRC (via /run/openrc), PID 1: openrc-init

Versions of packages openrc depends on:
ii insserv 1.24.0-1
ii libaudit1 1:3.0.9-1
ii libc6 2.36-9+deb12u7
ii libeinfo1 0.45.2-2+deb12u1
ii libpam0g 1.5.2-6+deb12u1
ii librc1 0.45.2-2+deb12u1
ii libselinux1 3.4-1+b6

openrc recommends no packages.

Versions of packages openrc suggests:
pn policycoreutils <none>
pn sysvinit-core <none>

-- Configuration Files:
/etc/init.d/agetty [Errno 13] Permission denied: '/etc/init.d/agetty'
/etc/init.d/cgroups [Errno 13] Permission denied: '/etc/init.d/cgroups'
/etc/init.d/rc [Errno 13] Permission denied: '/etc/init.d/rc'
/etc/init.d/rcS [Errno 13] Permission denied: '/etc/init.d/rcS'
/etc/init.d/savecache [Errno 13] Permission denied: 
'/etc/init.d/savecache'
/etc/rc.conf changed [not included]

-- no debconf information

-- debsums errors found:
debsums: changed file /lib/rc/sh/supervise-daemon.sh (from openrc 
package)



--=-SyMU96NB4oB+1PMXweai--

------------=_1721145603-9747-1--
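
The second problem described in the report above (the flag is emitted for any non-empty value) next to the proposed normalisation, as an added example that is not part of the report or of OpenRC's own code. The `yesno` function here is a simplified stand-in for OpenRC's helper, the function names `flag_if_nonempty`, `flag_if_true` and `compare` are hypothetical, and the sample values are constructed.

```shell
#!/bin/sh
# Simplified stand-in for OpenRC's yesno helper (assumption: only the
# positive spellings matter for this demonstration).
yesno() {
	case "$1" in
		[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
		*) return 1 ;;
	esac
}

# Behaviour described in the report: ${var:+word} expands to word whenever
# var is set and non-empty, so "false" and "BlaBla" also produce the flag.
flag_if_nonempty() {
	no_new_privs=$1
	printf '%s' "${no_new_privs:+--no-new-privs}"
}

# Behaviour with the normalisation proposed in the report: any value that
# is not a positive boolean is cleared before the expansion is evaluated.
flag_if_true() {
	no_new_privs=$1
	if ! yesno "$no_new_privs"; then
		no_new_privs=""
	fi
	printf '%s' "${no_new_privs:+--no-new-privs}"
}

# Constructed sample values, as a service file might set them.
compare() {
	for value in yes true 1 false no BlaBla ""; do
		printf 'no_new_privs=%-8s nonempty=[%s] normalised=[%s]\n' \
			"'$value'" \
			"$(flag_if_nonempty "$value")" \
			"$(flag_if_true "$value")"
	done
}

compare
```

On a running system, the `NoNewPrivs:` line in `/proc/<pid>/status` shows whether the attribute is actually set on the supervised process.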

Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.

Devuan Bugs Owner <[email protected]>.
Last modified: Sun, 1 Dec 2024 00:39:02 UTC