Am 19.03.2014 20:16, schrieb Ary Kleinerman:
There's not really much magic going on. Are you aware of:
/etc/systemd/system
This contains symlinks that do already pretty much what you describe, and
this
is systemd's native configuration.
Paul,
Don't forget
/run/systemd/system: Runtime
Am 26.03.2014 23:13, schrieb Gesh:
Thanks for the pointers.
If I understand what's going on correctly, units specify in their [Install]
section whether, when they're enabled, they should be pulled in by other
units.
Those symlinks usually populate the appropriate directory under
Hello,
2014-03-26 20:18 GMT+01:00 Leonid Isaev lis...@umail.iu.edu:
On Wed, 26 Mar 2014 19:56:26 +0100
Thomas Bächler tho...@archlinux.org wrote:
Hello all,
it won't be too long until 3.14 is out and I want to address a topic
that has been bugging me for a while. Our kernel includes
I think what Nicolas says is a good idea. I realise that Arch is not really
a security-focused distro, but having to not recompile the kernel on my
laptop after every upgrade with SELinux enabled is a pretty awesome thing.
I realise that this is not really relevant to most Archers, but with Siosm
On March 27, 2014 9:25:24 AM GMT+02:00, Thomas Bächler tho...@archlinux.org
wrote:
Am 26.03.2014 23:13, schrieb Gesh:
Thanks for the pointers.
If I understand what's going on correctly, units specify in their
[Install] section whether, when they're enabled, they should be pulled
in by other
Am 27.03.2014 09:41, schrieb Gesh:
Basically, if I understood what happens correctly, the units under
/etc/systemd/system/*.wants/ - or their targets, if they're symlinks -
replace their corresponding units in the dependency graph.
Not exactly.
When you place a unit in foo.wants, then foo
On Thursday 27 Mar 2014 09:07:23 Nicolas Iooss wrote:
c) Create a package (linux-src?) which install the kernel sources
and provides an easy way to customize the config before making the packages
(with pkgbuild). Currently linux-grsec AUR package provides this feature by
using the MENUCONFIG
On March 27, 2014 11:20:04 AM GMT+02:00, Thomas Bächler
tho...@archlinux.org wrote:
Am 27.03.2014 09:41, schrieb Gesh:
Basically, if I understood what happens correctly, the units under
/etc/systemd/system/*.wants/ - or their targets, if they're symlinks -
replace their corresponding units in
Am 27.03.2014 13:26, schrieb Gesh:
But what if bar.unit Wants=foo.unit and I add a custom foo.unit to
bar.unit.wants/ ? Will both be run? Will the custom foo.unit replace the
built-in?
I don't know what happens if you try, but there can only be one unit of
the same name.
signature.asc
Am 27.03.2014 09:07, schrieb Nicolas Iooss:
I agree regarding SELinux/Apparmor (it's not only userspace tools, but also
sane application policies that are missing).
I strongly disagree with removing LSM from the packaged kernel. I'm
currently using SELinux with AUR packages [1] (which I help
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Am 27.03.2014 13:46, schrieb Thomas Bächler:
Do you even know what that means? If I see this right, every time
the kernel needs to do some permission check, it needs to ask are
we using LSM xyz?. In any case, it's more code and thus more room
Am 27.03.2014 15:24, schrieb Simon Brand:
Am 27.03.2014 13:46, schrieb Thomas Bächler:
Do you even know what that means? If I see this right, every time
the kernel needs to do some permission check, it needs to ask are
we using LSM xyz?. In any case, it's more code and thus more room
for
În ziua de Miercuri 26 Martie 2014, la 19:56:26, Thomas Bächler a scris:
I want to trim our kernel down to what we actually support.
1) Once we agreed to disable one LSM, everyone else said we can enable
LSM XYZ, too. And so we did. Right now, we enable SELinux, SMACK,
Tomoyo, AppArmor and
On Thu, Mar 27, 2014 at 09:07:23AM +0100, Nicolas Iooss wrote:
Here are three arguments to motivate my disagreement.
* First, removing LSM support makes it difficult for users to test
LSM. Before 3.13 kernel, users needed to recompile their kernel (or to
install linux-selinux AUR package)
On Wed, 26 Mar 2014 22:17:25 +0100
Thomas Bächler tho...@archlinux.org wrote:
Am 26.03.2014 21:31, schrieb Leonid Isaev:
On Wed, 26 Mar 2014 21:00:15 +0100
Thomas Bächler tho...@archlinux.org wrote:
Am 26.03.2014 20:18, schrieb Leonid Isaev:
However, I don't think that Yama requires
On 2014-03-25 15:59, arch-general-requ...@archlinux.org wrote:
--
Message: 1
Date: Mon, 24 Mar 2014 22:49:06 +0100
From: Jakub Klinkovsk? j@gmx.com
Subject: Re: [arch-general] graphical display management
Interestingly,
On Thursday 27 Mar 2014 16:45:35 message wrote:
On 2014-03-25 15:59, arch-general-requ...@archlinux.org wrote:
--
Message: 1
Date: Mon, 24 Mar 2014 22:49:06 +0100
From: Jakub Klinkovsk? j@gmx.com
Subject: Re:
On Thursday, March 27, 2014 04:45:24 PM Arthur Țițeică wrote:
My opinion on this is that the kernel should be the ground on which
userspace should always work.
Features should be taken out with bug reports demonstrating
breakage in
general usage, slowdowns or security risks.
Another
On 2014-03-25 15:59, arch-general-requ...@archlinux.org wrote:
--
Message: 2
Date: Tue, 25 Mar 2014 00:15:27 +0100
From: Guus Snijders gsnijd...@gmail.com
Subject: Re: [arch-general] graphical display management
Ok. Could you try resetting the password for user a?
TL;DR: this is a technical answer which can be seen as slightly
off-topic as it focus only on SELinux and not much about kernel config
trimming.
2014-03-27 13:46 GMT+01:00 Thomas Bächler tho...@archlinux.org:
Am 27.03.2014 09:07, schrieb Nicolas Iooss:
I agree regarding SELinux/Apparmor (it's
2014-03-27 16:31 GMT+01:00 Bigby James bigby.ja...@crepcran.com:
On Thu, Mar 27, 2014 at 09:07:23AM +0100, Nicolas Iooss wrote:
Here are three arguments to motivate my disagreement.
* First, removing LSM support makes it difficult for users to test
LSM. Before 3.13 kernel, users needed to
I am a complete noob and only follow the lists out of interest. I am
also very young, so please forgive my impertinence. Thanks Thomas for
your work!! Just my 2c:
On 03/27/2014 08:34 PM, Nicolas Iooss wrote:
2014-03-27 16:31 GMT+01:00 Bigby James bigby.ja...@crepcran.com:
On Thu, Mar 27, 2014
On 27.03.2014 21:59, Bennett Piater wrote:
I am a complete noob and only follow the lists out of interest.
First lesson which also applies to a bunch of other people in this
thread: only quote what you need. 129 lines of quoted text before your
reply is bad.
signature.asc
Description:
On Thu, Mar 27, 2014 at 5:46 AM, Thomas Bächler
The fact that these LSMs must be compiled into the kernel and cannot be built
as modules tells you something important: These options change the behaviour
of the kernel at its core.
I was under the impression that this was s security feature to
On Wed, Mar 26, 2014 at 11:54:29AM -0600, Squall Lionheart wrote:
On Tue, Mar 25, 2014 at 4:55 PM, Magnus Therning mag...@therning.orgwrote:
I'm just starting to dip my toes in the mono waters. Slightly
prompted by my current situation at work. In particular I'm
interested in F#, but
On Thu, Mar 27, 2014 at 10:11 AM, Kevin Ott
This seems like it doesn't exactly fit with the Arch Way though. Arch is
supposed to be simple and minimal. Why should the default be add all
the features for a distribution that is partially based on being minimal
and lightweight?
I guess I just
On Thu, Mar 27, 2014 at 2:19 PM, Peter Baldridge petebaldri...@gmail.com
wrote:
I thought part of 'minimal' meant that the packages were as stock as
possible. I was under the impression that we shipped minimally
altered packages and it was up to the administrator to perfect each
package to
Am 27.03.2014 20:33, schrieb Nicolas Iooss:
TL;DR: this is a technical answer which can be seen as slightly
off-topic as it focus only on SELinux and not much about kernel config
trimming.
Very interesting, thanks for looking into it deeper. I'll leave most of
this uncommented.
This does
On Tue, Mar 25, 2014 at 5:26 PM, Karol Babioch ka...@babioch.de wrote:
Hi,
now that GNOME 3.12 has been released and probably will hit the repos in
the next couple of days/weeks, I'm wondering what the current status of
Software is [1]? This is an application similar to an app store in the
On 27 March 2014 21:34, Kevin Ott supercodingmon...@gmail.com wrote:
I'm pretty sure your summary is accurate. However, these are things done in
a configuration file when building the kernel. There isn't really a default.
There is -- download the kernel sources and run make defconfig.
It'll
30 matches
Mail list logo