permission-hardener error

mrxmr · November 10, 2024, 10:45am

Today I noticed that in whonix-workstation-17 template, I started getting permission-hardener error:

[template workstation user ~]% sudo apt remove elpa-rainbow-delimiters 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages will be REMOVED:
  elpa-rainbow-delimiters
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 45.1 kB disk space will be freed.
Do you want to continue? [Y/n] 
(Reading database ... 494208 files and directories currently installed.)
Removing elpa-rainbow-delimiters (2.1.5-3) ...
Remove elpa-rainbow-delimiters for emacs
remove/rainbow-delimiters-2.1.5: Handling removal of emacsen flavor emacs
dh-elpa: purging flavor specific files for emacs
Processing triggers for security-misc (3:39.9-1) ...
INFO: triggered security-misc: 'security-misc' security-misc DPKG_MAINTSCRIPT_NAME: 'postinst' $\@: 'triggered /usr' 2: '/usr'
/usr/libexec/security-misc/mmap-rnd-bits: INFO: No Linux config file detected in folder /boot/ (starting with 'config-'). Therefore using built-in defaults.
/usr/libexec/security-misc/mmap-rnd-bits: INFO: Successfully written ASLR map config file:
/etc/sysctl.d/30_security-misc_aslr-mmap.conf
Running SUID Disabler and Permission Hardener... See also:
https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener
/var/lib/dpkg/info/security-misc.postinst: INFO: running: permission-hardener enable
permission-hardener: [NOTICE]: Run: setcap -r -- /bin/ping
permission-hardener: [ERROR]: Removing capabilities failed. File: '/bin/ping'
permission-hardener: [NOTICE]: To compare the current and previous permission modes, install 'meld' (or preferred diff tool) for comparison of file mode changes:
    sudo apt install --no-install-recommends meld
    meld /var/lib/permission-hardener/existing_mode/statoverride /var/lib/permission-hardener/new_mode/statoverride
permission-hardener: [ERROR]: Exiting with non-zero exit code: '205'
/var/lib/dpkg/info/security-misc.postinst: ERROR: Permission hardening failed.

What’s the significance of the [ERROR] messages here? Why did I start getting these? Previously I wouldn’t get these [ERROR] messages with the permission-hardener after package install/remove.

Patrick · November 10, 2024, 11:33am

Minor. Too much too explain.

Out of scope for Support Request Policy.

This will be fixed through an upgrade in the near future.

Developer information:

related:
setcap Command Does Not Support End-of-Options Marker --

Patrick · November 10, 2024, 12:17pm

The fixed security-misc package is now in all repositories.