|
Any | Security Issue | Medium | Medium | [openssh] CVE-2018-15919 | Closed | |
Task Description
Remotely observable behavior in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states ‘We understand that the OpenSSH developers do not want to treat such a username enumeration (or “oracle”) as a vulnerability.’ https://security-tracker.debian.org/tracker/CVE-2018-15919
|
|
Any | Security Issue | Very High | Critical | [openssh] CVE-2018-15473 | Closed | |
Task Description
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
https://security-tracker.debian.org/tracker/CVE-2018-15473
Patch: https://salsa.debian.org/ssh-team/openssh/commit/4641c58a3279f6b118f9562babaa0ee050a38619
Technical analysis: https://blog.nviso.be/2018/08/21/openssh-user-enumeration-vulnerability-a-close-look/
|
|
Any | Feature Request | High | High | [openssh-knock] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl.
$ pacman -Si openssh-knock
Repository : community
Name : openssh-knock
Version : 7.5p1-3
Description : Free version of the SSH connectivity tools, with OpenRC support and support for stealth TCP sockets
Architecture : x86_64
URL : https://www.openssh.com/portable.html
Licenses : custom:BSD
Groups : None
Provides : openssh
Depends On : krb5 openssl libedit ldns
Optional Deps : xorg-xauth: X11 forwarding
x11-ssh-askpass: input passphrase in X
Conflicts With : openssh
Replaces : None
Download Size : 728.50 KiB
Installed Size : 4822.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Thu 17 Aug 2017 10:58:56 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Feature Request | High | High | [opensmtpd] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl-1.0.
$ pacman -Si opensmtpd
Repository : community
Name : opensmtpd
Version : 6.0.2p1-3
Description : Free implementation of the server-side SMTP protocol
Architecture : x86_64
URL : http://www.opensmtpd.org/
Licenses : custom
Groups : None
Provides : smtp-server smtp-forwarder
Depends On : libasr libevent openssl-1.0 pam
Optional Deps : None
Conflicts With : smtp-server smtp-forwarder
Replaces : None
Download Size : 237.25 KiB
Installed Size : 672.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Wed 05 Apr 2017 07:59:38 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Security Issue | Very Low | Critical | [opensmtpd] CVE-2020-8794 | Closed | |
Task Description
Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/
Qualys Security Advisory
LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)
Summary
Analysis
...
Acknowledgments
We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This
vulnerability, an out-of-bounds read introduced in December 2015 (commit
80c6a60c, “when peer outputs a multi-line response ...”), is exploitable
remotely and leads to the execution of arbitrary shell commands: either
as root, after May 2018 (commit a8e22235, “switch smtpd to new
grammar”); or as any non-root user, before May 2018.
Because this vulnerability resides in OpenSMTPD’s client-side code
(which delivers mail to remote SMTP servers), we must consider two
different scenarios:
- Client-side exploitation: This vulnerability is remotely exploitable
in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.
- Server-side exploitation: First, the attacker must connect to the
OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).
We developed a simple exploit for this vulnerability and successfully
tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the
first vulnerable release), Debian 10 (stable), Debian 11 (testing), and
Fedora 31.
The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”
|
|
Any | Freedom Issue | Medium | Low | [openslp] vague terminology "Open Source" in descriptio ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
extra/openslp 2.0.0-2.hyperbola1
Open-source implementation of Service Location Protocol, with OpenRC support
According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be good example to set to have proper description of packages without using “Open Source”.
eg.
Free-software implementation of Service Location Protocol, with OpenRC support
|
|
Any | Feature Request | High | High | [openslp] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl.
$ pacman -Si openslp
Repository : extra
Name : openslp
Version : 2.0.0-2.hyperbola1
Description : Open-source implementation of Service Location Protocol, with OpenRC support
Architecture : x86_64
URL : http://www.openslp.org
Licenses : BSD
Groups : None
Provides : None
Depends On : bash openssl
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 317.28 KiB
Installed Size : 1603.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Thu 17 Aug 2017 09:08:29 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Freedom Issue | Medium | Low | [opensips] vague terminology "Open Source" in descripti ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
community/opensips 2.2.3-1
An Open Source SIP Server able to act as a SIP proxy, registrar, location server, redirect server ...
According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be good example to set to have proper description of packages without using “Open Source”.
eg.
A Free Software SIP Server able to act as a SIP proxy, registrar, location server, redirect server ...
|
|
Any | Feature Request | High | High | [opensips] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl.
$ pacman -Si opensips
Repository : community
Name : opensips
Version : 2.2.3-1
Description : An Open Source SIP Server able to act as a SIP proxy, registrar, location server, redirect server ...
Architecture : x86_64
URL : http://www.opensips.org
Licenses : GPL
Groups : None
Provides : None
Depends On : gcc-libs openssl db attr libxml2
Optional Deps : postgresql-libs
unixodbc
libldap
libmariadbclient
libsasl
python2
pcre
Conflicts With : None
Replaces : None
Download Size : 2.94 MiB
Installed Size : 10.78 MiB
Packager : Sergej Pupykin <pupykin.s+arch@gmail.com>
Build Date : Tue 25 Apr 2017 09:10:48 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Freedom Issue | Medium | Low | [openscenegraph] vague terminology "Open Source" in des ... | Closed | |
Task Description
This package contains vague terminology “Open Source”:
community/openscenegraph 3.4.0-5
An Open Source, high performance real-time graphics toolkit
According to:
https://www.gnu.org/distros/free-system-distribution-guidelines.html
We shall avoid vague terminology such as “Open Source”, please see here:
https://www.gnu.org/philosophy/words-to-avoid.html#Open
It would be good example to set to have proper description of packages without using “Open Source”.
eg.
A Free Software, high performance real-time graphics toolkit
|
|
Any | Feature Request | High | High | [opensc] rebuild package against libressl | Closed | |
Task Description
Rebuild package against libressl, since it depends on openssl-1.0.
$ pacman -Si opensc
Repository : community
Name : opensc
Version : 0.16.0-4
Description : Tools and libraries for smart cards
Architecture : x86_64
URL : https://github.com/OpenSC/OpenSC/wiki
Licenses : LGPL
Groups : None
Provides : None
Depends On : pcsclite libltdl openssl-1.0
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 933.26 KiB
Installed Size : 3241.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Wed 05 Apr 2017 07:57:42 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Feature Request | High | High | [openresolv] adapt package in accordance with the Hyper ... | Closed | |
Task Description
Adapt package in accordance with the Hyperbola Packaging Guidelines to follow the Hyperbola Social Contract .
|
|
Any | Security Issue | Very High | Critical | [openrc] use procps-ng's "sysctl" by default instead of ... | Closed | |
Task Description
Description:
Use procps-ng's "sysctl" by default instead of inetutils's "hostname" for
hostname support.
Since [inetutils] is an extra dependency for openrc, it
contains insecure commands like: ftp/rcp/rlogin/rsh/talk/telnet
For security reasons, procps-ng should be the tool to handle hostname
configuration through hostname init script because is a base package.
Additional info:
openrc 0.28-14
/etc/init.d/hostname
- hostname "$h"
+ case $(uname -s) in
+ GNU/Linux|Linux)
+ sysctl -qw kernel.hostname="$h"
+ ;;
+ *)
+ hostname "$h"
+ ;;
+ esac
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-14
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 196.71 KiB
Installed Size : 1767.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 07 May 2018 03:54:42 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
Set and run hostname init script
|
|
Any | Feature Request | Very High | Critical | [openrc] some init scripts are forced to load in certai ... | Closed | |
Task Description
Description:
Some init scrips are forced to load in certain runlevels by default (eg. boot) when
OpenRC is upgraded. It isn't good for virtualization environments like chroot that
doesn't require it to work.
Those scripts are:
* /etc/init.d/dmesg
* /etc/init.d/hwclock
* /etc/init.d/keymaps
* /etc/init.d/killprocs
* /etc/init.d/local
* /etc/init.d/loopback
* /etc/init.d/modules
* /etc/init.d/mount-ro
* /etc/init.d/swap
* /etc/init.d/sysctl
Note: "/etc/init.d/dmesg" should be loaded in "boot" runlevel instead of "sysinit" one at the first installation time.
Note: "/etc/init.d/local" should be loaded in "sysinit" runlevel instead of "default" and "nonetwork" one at the first installation time.
Additional info:
openrc 0.28-14
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-14
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 196.71 KiB
Installed Size : 1767.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 07 May 2018 03:54:42 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
Re-install and/or upgrade the OpenRC package.
|
|
Any | Feature Request | Very High | Critical | [openrc] some init scripts are forced to load in certai ... | Closed | |
Task Description
Description:
Some init scrips are forced to load in certain runlevels by default (eg. boot) when
OpenRC is upgraded. Also some of them are autoloaded by other init scripts.
It isn't good for virtualization environments like chroot that doesn't require it to
work.
These files need be removed:
* /etc/runlevels/boot/binfmt (optional)
* /etc/runlevels/boot/fsck (autoloaded from "root" init script)
* /etc/runlevels/boot/localmount (autoloaded from "bootmisc" init script)
* /etc/runlevels/boot/procfs (optional, mount "binfmt_misc" only)
* /etc/runlevels/boot/termencoding (autoloaded from "keymaps" init script)
* /etc/runlevels/default/netmount (optional)
* /etc/runlevels/shutdown/savecache (optional)
* /etc/runlevels/sysinit/devfs (autoload from "udev" init script)
* /etc/runlevels/sysinit/sysfs (autoload from "udev" init script)
Additional info:
openrc 0.28-14
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-14
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 196.71 KiB
Installed Size : 1767.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 07 May 2018 03:54:42 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
Re-install and/or upgrade the OpenRC package
|
|
Any | Bug Report | Very High | Critical | [openrc] set "devfs" init script to run before than any ... | Closed | |
Task Description
Description:
Set "devfs" init script to run before than any "logger" init script.
It fixes when any "logger" server is running with rc_logger activated
without the needed to add a "logger" init script on different runlevels.
Additional info:
openrc 0.28-14
/etc/init.d/devfs
- before dev
+ before dev logger
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-14
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 196.71 KiB
Installed Size : 1767.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 07 May 2018 03:54:42 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
Add "devfs" and any "logger" init script to default runlevel
|
|
Any | Feature Request | Low | Very Low | [openrc] services should be added to runlevels through ... | Closed | |
Task Description
The OpenRC services should be added to runlevels through installing process instead be forced each time when openrc package is upgraded, because some sysadmins need customize them and are useful for Xen environments.
Example:
rc-update
... |
agetty.tty1 | default
agetty.tty10 | default
agetty.tty11 | default
agetty.tty12 | default
agetty.tty2 | default
agetty.tty3 | default
agetty.tty4 | default
agetty.tty5 | default
agetty.tty6 | default
agetty.tty7 | default
agetty.tty8 | default
agetty.tty9 | default
... |
swap | boot
... |
rc-update del swap boot
rc-update del agetty.tty{12,11,10,9,8,7,6,5,4,3,2,1}
rc-update add agetty.tty{1,2,3} system # "system" runlevel runs after "default" runlevel
rc-update
... |
agetty.tty1 | system
agetty.tty10 | system
agetty.tty11 | system
agetty.tty12 |
agetty.tty2 |
agetty.tty3 |
agetty.tty4 |
agetty.tty5 |
agetty.tty6 |
agetty.tty7 |
agetty.tty8 |
agetty.tty9 |
... |
pacman -Sy openrc
rc-update
... |
agetty.tty1 | default system
agetty.tty10 | default system
agetty.tty11 | default system
agetty.tty12 | default
agetty.tty2 | default
agetty.tty3 | default
agetty.tty4 | default
agetty.tty5 | default
agetty.tty6 | default
agetty.tty7 | default
agetty.tty8 | default
agetty.tty9 | default
... |
swap | boot
... |
|
|
Any | Bug Report | Very Low | High | [openrc] scripts in /etc/local.d seem ignored | Closed | |
Task Description
Description:
Since the latest update of openrc, I am under the impression that the scripts in /etc/local.d are not executed anymore upon boot or shutdown. rc.log shows nothing though.
Additional info:
* openrc 0.28-18
Steps to reproduce:
Write a dummy script which says hello in /etc/local.d, make it executable and see that it is discarded.
|
|
Any | Bug Report | Very High | Critical | [openrc] run "sysctl" initscript after "net" initscript | Closed | |
Task Description
Description:
Additional info:
/etc/init.d/sysctl
- after clock
+ after clock net
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-18
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 193.18 KiB
Installed Size : 1720.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Sun 08 Jul 2018 01:28:16 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
|
|
Any | Bug Report | Very High | Critical | [openrc] rename "procfs" init script to "binfmt_misc", ... | Closed | |
Task Description
Description:
Rename "procfs" init script to "binfmt_misc", it isn't a "procfs"
/etc/init.d/procfs → /etc/init.d/binfmt_misc
-description="Mounts misc filesystems in /proc."
+description="Mounts binfmt_misc filesystems in /proc."
/etc/init.d/binfmt
- after clock procfs
+ after clock binfmt_misc
Additional info:
openrc 0.28-14
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-14
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 196.71 KiB
Installed Size : 1767.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 07 May 2018 03:54:42 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
none
|
|
Any | Bug Report | Very High | Critical | [openrc] rename "chroot-nspawn" keyword to "chroot+unsh ... | Closed | |
Task Description
Description:
Rename "chroot-nspawn" keyword to "chroot+unshare" one
because"chroot+unshare" subsystem (chroot and unshare command)
is more precise than "chroot-nspawn" (systemd-nspawn
compatibility script) subsystem.
The files with "chroot-nspawn" keyword are:
* /etc/init.d/binfmt
* /etc/init.d/bootmisc (as SYSTEMD-NSPAWN)
* /etc/init.d/consolefont
* /etc/init.d/devfs
* /etc/init.d/dmesg
* /etc/init.d/fsck
* /etc/init.d/hostname
* /etc/init.d/hwclock
* /etc/init.d/keymaps
* /etc/init.d/localmount
* /etc/init.d/loopback
* /etc/init.d/mtab
* /etc/init.d/modules
* /etc/init.d/modules-load
* /etc/init.d/mount-ro
* /etc/init.d/net-online
* /etc/init.d/netmount
* /etc/init.d/numlock
* /etc/init.d/procfs
* /etc/init.d/root
* /etc/init.d/swap
* /etc/init.d/swclock
* /etc/init.d/sysctl
* /etc/init.d/sysfs
* /etc/init.d/termencoding
* /etc/init.d/urandom
Note:
chroot: run a command with special root directory
unshare: isolate the command in a different "Linux namespace"
Additional info:
openrc 0.28-14
/etc/rc.conf
# "" - nothing special
# "docker" - Docker container manager (GNU/Linux)
# "jail" - Jail (DragonflyBSD or FreeBSD)
# "lxc" - Linux Containers
# "openvz" - Linux OpenVZ
# "prefix" - Prefix
# "rkt" - CoreOS container management system (GNU/Linux)
# "subhurd" - Hurd subhurds (to be checked)
-# "chroot-nspawn" - Container created by chroot-nspawn
+# "chroot" - Chroot container (to be checked)
+# "chroot+unshare" - Chroot container using unshare command (GNU/Linux)
# "uml" - Usermode Linux
# "vserver" - Linux vserver
-# "xen0" - Xen0 Domain (GNU/Linux and NetBSD)
-# "xenU" - XenU Domain (GNU/Linux and NetBSD)
+# "xen0" - Xen0 Domain (GNU/HyperBK, GNU/Linux, FreeBSD and NetBSD)
+# "xenU" - XenU Domain (GNU/Hurd, GNU/HyperBK, GNU/Linux, FreeBSD, NetBSD and OpenBSD)
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-14
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 196.71 KiB
Installed Size : 1767.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 07 May 2018 03:54:42 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
Run OpenRC init
|
|
Any | Security Issue | Very High | Critical | [openrc] remove dangerous "local" init script | Closed | |
Task Description
Description:
“https://wiki.gentoo.org/wiki//etc/local.d”
Additional info:
remove:
“/etc/init.d/local”
“/etc/local.d/README”
“/etc/local.d/”
/etc/init.d/agetty
----
- after local
+ after *
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-17
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 194.10 KiB
Installed Size : 1727.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Thu 05 Jul 2018 01:37:37 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
|
|
Any | Feature Request | Very High | Critical | [openrc] please remove "mtab", "modules-load" and "swcl ... | Closed | |
Task Description
Description:
Please remove "mtab", "modules-load" and "swclock" init scripts.
"mtab" is a deprecated and unmaintained init script,
because filesystem contains a mtab soft link.
"modules-load" init script, is a systemd compatibility configuration
to load the kernel modules from the "/etc/modules-load" configuration
directory.
This init script is useless, because the "modules" init script exists
and it's a duplicated feature.
If you need a module to load a module, just configure "/etc/conf.d/modules"
and start the "modules" init script or add a module in
the "/etc/mkinitcpio.conf" and run mkinitcpio -p $yourkernel
"swclock" is an useless init script, because is a service
setting the local clock based on last shutdown time.
If a machine doesn't support "/etc/rtc", then disable "clock_hctosys" and
"clock_systohc" from "/etc/conf.d/hwclock" with or without
NTP server/client. For chroot environments,"osclock" init script is the way.
Additional info:
openrc 0.28-14
/etc/init.d/localmount
-use lvm modules mtab root
+use lvm modules root
/etc/init.d/modules
- want modules-load
/etc/init.d/lm_sensors
-after modules-load
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-14
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 196.71 KiB
Installed Size : 1767.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Mon 07 May 2018 03:54:42 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
Enable the unused init scripts
|
|
Any | Bug Report | Very High | High | [openrc] needs a minor fix | Closed | |
Task Description
Description:
Additional info:
openrc /usr/lib/rc/sh/init.sh
—
- mount -n -t proc -o noexec,nosuid,nodev,gid=proc,hidepid=2 proc /proc
+ mount -n -t proc -o noexec,nosuid,nodev proc /proc
+ mount -n /proc -o remount,gid=26,hidepid=2
Steps to reproduce:
|
|
Any | Feature Request | Very High | High | [openrc] minor fix in /proc mount option | Closed | |
Task Description
Description:
Change the “/proc” filesystem option, reverting FS#1038 .
Additional info:
/usr/lib/rc/sh/init.sh
----
- mount -n -t proc -o noexec,nosuid,nodev,hidepid=2,gid=proc proc /proc
+ mount -n -t proc -o noexec,nosuid,nodev,gid=26,hidepid=2 proc /proc
$ pacman -Si openrc
Repository : core
Name : openrc
Version : 0.28-17
Description : A dependency based init system that works with the system provided init program
Architecture : x86_64
URL : https://wiki.gentoo.org/wiki/Project:OpenRC
Licenses : BSD2
Groups : None
Provides : None
Depends On : psmisc pam
Optional Deps : netifrc: network interface management scripts
networkmanager: network connection manager and user applications
Conflicts With : None
Replaces : None
Download Size : 194.10 KiB
Installed Size : 1727.00 KiB
Packager : André Silva <emulatorman@hyperbola.info>
Build Date : Thu 05 Jul 2018 01:37:37 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
Steps to reproduce:
|
|
Any | Bug Report | High | High | [openrc] hwclock: Cannot access the Hardware Clock via ... | Closed | |
|
|
Any | Bug Report | Very High | Critical | [openrc] fix "chroot" initscript | Closed | |
|
|
Any | Bug Report | Very Low | Medium | [openrc] cannot load fuse at boot | Closed | |
|
|
Any | Bug Report | Very Low | Low | [openrc] agetty.tty loads in default runlevel only and ... | Closed | |
|
|
Any | Feature Request | Very High | Critical | [openrc] add hidepid support in /proc filesystem. | Closed | |
|
|
Any | Feature Request | Very High | Critical | [openrc] add chroot init config and script files | Closed | |
|
|
Any | Feature Request | Very High | Critical | [openrc] add "newinstance" mount parameter in "devpts" ... | Closed | |
|
|
Any | Feature Request | High | High | [openrc] adapt package in accordance with the Hyperbola ... | Closed | |
|
|
Any | Privacy Issue | Very High | Critical | [openrc] Google in init.d and conf.d configuration (ne ... | Closed | |
|
|
Any | Bug Report | Low | Medium | [openrc] Error: fopen(/run/openrc/rc.log) failed: No su ... | Closed | |
|
|
Stable | Bug Report | Very High | Critical | [openrc] Cowardly refusing to concatenate a logfile int ... | Closed | |
|
|
Any | Feature Request | High | High | [openrc-sysvcompat] adapt package in accordance with th ... | Closed | |
|
|
Any | Feature Request | High | High | [openrc-settingsd] adapt package in accordance with the ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [openra] vague terminology "Open Source" in description ... | Closed | |
|
|
Any | Feature Request | High | High | [openntpd] rebuild package against libressl | Closed | |
|
|
Any | Freedom Issue | Very Low | Low | [openmw]: referring to assets in description | Closed | |
|
|
Any | Feature Request | Very Low | Critical | [openldap] needs OpenRC init script | Closed | |
|
|
Any | Feature Request | High | High | [openldap] adapt package in accordance with the Hyperbo ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [openldap] 2.4.44 multiple security issues | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [openjpeg] vague terminology "Open Source" in descripti ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [openjpeg2] vague terminology "Open Source" in descript ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [openjdk8-src] vague terminology "Open Source" in descr ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [openjdk7-src] vague terminology "Open Source" in descr ... | Closed | |
|
|
Any | Feature Request | High | High | [openfwwf-firmware] adapt package in accordance with th ... | Closed | |
|
|
Any | Freedom Issue | Medium | Low | [opendmarc] vague terminology "Open Source" in descript ... | Closed | |
|
