---------- Forwarded Message ---------- Subject: Re: UNS: RE: UNS: RE: [Dazuko-devel] capability as a module on fc8 Date: Monday 10 March 2008 From: jim burns <[EMAIL PROTECTED]> To: "Tikka, Sami" <[EMAIL PROTECTED]>
On Monday 10 March 2008 04:10:27 am you wrote: > I'll have to check if we have already fixed that. The version of dazuko we > ship in our Linux Security product (currently in beta) is able to figure > out the syscall table readonly issues without the user needing to configure > dazuko differently. > > If you want to try it yourself, you can download Linux Security > (http://www.f-secure.com/linux-weblog/2008/01/08/linux-security-700-beta-3/ >) and install it. Please tell me if it works for you. I'm more interested in 'pure' dazuko, and the new directions John is taking it in, like stackable file systems. I'll check this out later to see what else it offers. > What was the Linux distro and version where you tried it? Fedora 8. Been a problem since fc6. My SuSE system works with out a hitch, because capability is stackable on SuSE, unlike Fedora's commoncap/capability combo. The default configuration for openSuSE 10.3 doesn't even load capability. (I don't know how things like Avahi drop root privileges without it, but they do.) > -- Sami > > P.S. Yes, I know it is a bad thing F-Secure uses its own version of dazuko. > We will try to contribute our fixes back to John Ogness. > > P.P.S. The installation package contains the official dazuko 2.3.4 and a > patch with all F-Secure's changes. I'm anxiously awaiting John folding those changes back in, altho I understand if he is tired of patching a dinosaur - hence the stackable file system direction. :-) Ps, Hmm - From the Known Problems section of your release notes: 51858 Scanning NFS client accesses on server side is not possible. As a workaround, please configure a scheduled scan for the exported directories. This is a big problem, as my Fedora system exports '/'. Is this your limitation, or dazuko's? Not that I haven't thought of another AV alternative to antivir/dazuko, when I first read that LSM is going away. Thanx for the response. ------------------------------------------------------- _______________________________________________ Dazuko-devel mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/dazuko-devel
