Bug#866252: apt-get update doesn't work when connection is filtered through iptables owner module
On Wed, 28 Jun 2017 22:10:08 +0200 Julian Andres Klode <jak@debian.org> wrote:
> On Thu, Jun 29, 2017 at 12:34:37AM +0530, Prahlad Yeri wrote:
> > Package: apt
> > Version: 1.4.6
> >
> > I'm not very sure whether this is a bug or not, but I'm inclined to treat
> > this as a bug because it's different from the expected behavior. iptables
> > is a well-known component of the Linux kernel and many users use it to
> > control access to network resources and especially the Internet.
> >
> > The problem here is that when you use the owner module to restrict
> > access to only the root group, the root user (sudo) isn't able to do the
> > "apt-get update" (or rather any apt-get command that uses the internet
> > such as "apt-get download"), though he is able to use the internet
> > otherwise.
>
> Downloads are performed by the _apt user for security reasons.
>
> --
> Debian Developer - deb.li/jak | jak-linux.org - free software dev
> | Ubuntu Core Developer |
> When replying, only quote what is necessary, and write each reply
> directly below the part(s) it pertains to ('inline'). Thank you.
>
>
Hi,
You may want to read the stretch release-notes, which document this
change. :)
https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#apt-unpriv-acquire
Thanks,
~Niels
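
The interaction discussed in this thread, as an added example that is not part of the original messages: a small check that reads `iptables-save` text and reports whether an owner-based allow-list on OUTPUT lets apt's download account through. The ruleset, the function names and the UID 105 are constructed for illustration; the check assumes the simple allow-list shape (owner ACCEPT rules plus a default drop) and does not evaluate rule order or other matches.

```shell
# Constructed sample in iptables-save format: only processes whose group is
# 0 (root) may open outbound connections, as in the report above.
sample_ruleset() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --gid-owner 0 -j ACCEPT
COMMIT
EOF
}

# apt_egress_verdict NAME UID   (ruleset on stdin)
# Prints "allowed", "blocked" or "not-restricted".
# iptables-save writes owner UIDs numerically, so both the account name and
# its UID are accepted. Assumption: allow-list shape only (see lead-in).
apt_egress_verdict() {
    awk -v name="$1" -v uid="$2" '
        /^:OUTPUT DROP/ { drop = 1 }                      # default policy drops
        /^-A OUTPUT -j (DROP|REJECT)/ { drop = 1 }        # catch-all drop rule
        /^-A OUTPUT / {
            if ($0 ~ /-m owner/) owner = 1
            # a non-negated --uid-owner ACCEPT rule naming the download account
            for (i = 1; i < NF; i++)
                if ($i == "--uid-owner" && $(i-1) != "!" &&
                    ($(i+1) == name || $(i+1) == uid) && $0 ~ /-j ACCEPT/)
                    ok = 1
        }
        END {
            if (!owner || !drop) print "not-restricted"
            else if (ok)         print "allowed"
            else                 print "blocked"
        }'
}

# On a live host (as root): iptables-save | apt_egress_verdict _apt "$(id -u _apt)"
sample_ruleset | apt_egress_verdict _apt 105   # 105 is a constructed UID
```

With the sample ruleset the verdict is `blocked`: the only owner rule matches group 0, and the download process runs as `_apt`, not as the root user who invoked `apt-get`.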