Hello, yet another update. Changes:
Bugfix: SUID bits weren't being removed on rootfs filesystem type
Improve conf script logging; add -n (print only) mode
Add workaround for vsftpd auth (RIT#107824); delete obsolete inactive policy
Enable vsftpd session handling (needed for fail-secure audit mode)
IMPORTANT: this REQUIRES post-beta-snapshot updated packages, the ks
script will instruct you in the postinstall section about the details. I
used the following for i386:
http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/os/Fedora/RPMS/selinux-policy-2.4.6-9.fc7.noarch.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/os/Fedora/RPMS/selinux-policy-devel-2.4.6-9.fc7.noarch.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/os/Fedora/RPMS/selinux-policy-mls-2.4.6-9.fc7.noarch.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/os/Fedora/RPMS/selinux-policy-strict-2.4.6-9.fc7.noarch.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/development/i386/os/Fedora/RPMS/selinux-policy-targeted-2.4.6-9.fc7.noarch.rpm
http://people.redhat.com/sgrubb/files/lspp/kernel-2.6.18-1.2840.2.1.el5.lspp.57.i686.rpm
http://people.redhat.com/sgrubb/files/lspp/kernel-devel-2.6.18-1.2840.2.1.el5.lspp.57.i686.rpm
http://people.redhat.com/dwalsh/SELinux/RHEL5/i386/pam-0.99.6.2-3.6.el5.i386.rpm
http://people.redhat.com/dwalsh/SELinux/RHEL5/i386/pam-devel-0.99.6.2-3.6.el5.i386.rpm
Known issues:
- may generate a broken grub config, I suggest checking it using a shell
escape in the postinstall (I needed to change root from (hd1,0) to
(hd0,0) in vmware, /boot/grub/device.map maps hd0 to /dev/hdc instead
of /dev/sda). Workaround:
umount /boot
mount /boot
grub-install --recheck hd0
RPM download:
http://klaus.vh.swiftco.net/lspp/SRPMS/
http://klaus.vh.swiftco.net/lspp/RPMS/noarch/
Git repository:
http://klaus.vh.swiftco.net/lspp/git/
-Klaus
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
