app-admin/syslog-ng: Bump to 3.14.1 and fix capability support. #7323

Closed

holgersson32644
Contributor

Starting syslog-ng as user was broken, mostly due to mistakes in the
daemon file. It closes bug #544766, as the main intention was the
use startup and filecaps bring other implications wrt security.

Closes: https://bugs.gentoo.org/544766
Package-Manager: Portage-2.3.24, Repoman-2.3.6

Changes:

-> IUSE="+caps", and add user syslog-ng when caps is set
-> dropped copyright line from hardened config to make file homogeneous
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2)
-> fixed daemon file/init script (let daemon start as root and drop its rights itself + set command_background=1 for PID file generation outside of syslog-ng)
-> enabled python3_5 - upstream docs seem to be outdated

@gentoo-repo-qa-bot
Collaborator

Pull Request assignment

Areas affected: ebuilds
Packages affected: app-admin/syslog-ng

app-admin/syslog-ng: @hydrapolic, @gentoo/proxy-maint

Bugs linked: 544766

In order to force reassignment and/or bug reference scan, please append [please reassign] to the pull request title.

@gentoo-repo-qa-bot gentoo-repo-qa-bot added assigned PR successfully assigned to the package maintainer(s). bug linked Bug/Closes found in footer, and cross-linked with the PR. labels Feb 28, 2018
@gentoo-repo-qa-bot
Collaborator

Pull request CI report

Report generated at: 2018-02-28 21:28 UTC
Newest commit scanned: 7e986b6
Status: ✅ good

Issues already there before the PR (double-check them):
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#app-editors/gedit-plugins
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#app-emacs/emacs-wiki-blog
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#app-text/webgen
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#dev-lang/julia
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#dev-lang/php
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#dev-lang/rust
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#dev-scheme/bytestructures
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#dev-scheme/guile-git
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#gnome-base/gvfs
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#net-dns/avahi
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#net-fs/samba
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#net-im/mattermost-desktop-bin
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#net-mail/cyrus-imapd
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#net-misc/gns3-server
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#net-nds/openldap
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#net-p2p/vuze-coreplugins
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#sci-chemistry/bkchem
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#sci-libs/gdal
https://qa-reports.gentoo.org/output/gentoo-ci/e33d01abd/output.html#x11-misc/xprintidle

@hydrapolic
Contributor

Thanks for the PR :)

Bug https://bugs.gentoo.org/544766 added USE=filecaps, but I don't see it here - was that the intention?

@holgersson32644
Contributor Author

Yes, I did that intentionally. The bug report sounds to me as if the primary goal was to run syslog-ng as a non-root user. As the old daemon file simply had a bug (starting syslog-ng as a user via openrc-run instead of starting the binary as root and dropping privileges to the user), the only working way was through filecaps.

filecaps, on the other hand, smell a bit odd, as they need to set specific bits on the binary, and everyone who can run the actual binary automagically has the rights of syslog (in the case of something like ping I wouldn't care).

So in my eyes working USE="cap" solves the issue. I’ll post a short statement in the bugtracker and ask the reporting user if he’s fine with this.

PS: The old syslog-ng versions aren't touched by this PR, so the mentioned bug in the daemon file exists pre 3.14.1.
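
The file-capability concern in the comment above, as an added example that is not part of the pull request or of the Gentoo tree: a shell function that reads `getcap`-style lines and reports whether each capability-carrying binary is executable by every local user. The temporary files and capability names in the demo are constructed sample values.

```shell
#!/bin/sh
# Added example: classify getcap-style lines by who may execute the binary.
# Accepted input forms on stdin (both are printed by libcap's getcap,
# depending on its version):
#   /path/to/bin cap_a,cap_b=ep
#   /path/to/bin = cap_a,cap_b+ep
# Output per line: "<EXPOSED|RESTRICTED> <octal mode> <path> <caps>"
audit_filecaps() {
    while read -r path rest; do
        [ -n "$path" ] || continue
        caps=${rest#= }                  # drop the old-style "= " separator
        [ -f "$path" ] || continue       # skip entries that no longer exist
        mode=$(stat -c '%a' "$path") || continue
        other=$((mode % 10))             # last octal digit: "other" permissions
        if [ $((other & 1)) -ne 0 ]; then
            # Any local user can exec the file and receive its capabilities.
            echo "EXPOSED $mode $path $caps"
        else
            # Execution is limited to the owner and/or group.
            echo "RESTRICTED $mode $path $caps"
        fi
    done
}

# Demo on constructed input: two empty temp files stand in for binaries,
# and the getcap lines are written by hand (setting real file
# capabilities would require root).
demo_audit() {
    dir=$(mktemp -d) || return 1
    : > "$dir/world-exec"; chmod 0755 "$dir/world-exec"
    : > "$dir/group-only"; chmod 0750 "$dir/group-only"
    printf '%s\n' \
        "$dir/world-exec cap_net_bind_service,cap_syslog=ep" \
        "$dir/group-only = cap_net_bind_service,cap_syslog+ep" | audit_filecaps
    rm -rf "$dir"
}

demo_audit
```

On a live system the function can be fed from `getcap -r / 2>/dev/null`; it relies on GNU `stat -c`.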

@hydrapolic
Contributor

Enough if we enhance the new version, we won't touch the older ones.

@hydrapolic
Contributor

Please let's close this and continue with #7384.

@mgorny mgorny closed this Mar 7, 2018
@holgersson32644 holgersson32644 deleted the WIP-syslog-ng branch June 27, 2018 21:48