On Thu, Oct 18, 2007 at 10:49:10PM -0300, Felipe Sateler wrote: > Steve Langasek wrote:
> > What I'm missing from your mail and blog entry is an explanation of why > > the existing packages in etch don't do the job for letting users run with > > strict > > policy. Is the "semanage user -m" bug the only problem, or are there > > others? > Apparently there's at least the executable stack problem: > http://etbe.coker.com.au/2007/10/10/lintian-and-executable-stacks/ > http://etbe.coker.com.au/2007/10/07/executable-stack-and-shared-objects/ Well, the number of shared libs with this problem is fairly small; indeed, SELinux is not the first kernel security patch to object to them. So that doesn't prevent running an etch system with strict policy, it just prevents a fairly small number of apps from working under strict policy. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]