Hello,
an update to go with snapshot 5, which appears to work with no issues so
far (knock on wood) :-) :-) :-)
Changes:
Remove requirements for packages that are current in snapshot5
(pam, selinux-policy)
activate MLS sshd on port 2222 via xinetd
Activate MLS level selection for local console login
Add 'retry' option when post-install rpm upgrade fails
(Thanks to Klaus Kiwi for the patch)
This works for me without updates.img, and installs a correct grub config
(yay!). According to the README I think the bug the updates.img fixes
isn't applicable to this ks script.
I added the following updated packages for i386, but it should also work
to update those later:
http://people.redhat.com/sgrubb/files/lspp/kernel-2.6.18-1.2840.2.1.el5.lspp.57.i686.rpm
http://people.redhat.com/sgrubb/files/lspp/kernel-devel-2.6.18-1.2840.2.1.el5.lspp.57.i686.rpm
Since these appeare older than the snapshot5 kernel, you need to install
them with:
rpm -Uvh --oldpackage kernel-*
rm kernel-*
If you want ssh-via-xinetd on port 2222 to work, you'll need the patch
from this bug, and recompile openssh:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220487
rpm -i ~kw/openssh-4.3p2-14.el5.src.rpm
cd /usr/src/redhat
rpmbuild -bc --nodeps SPECS/openssh.spec
cd BUILD/openssh-*
patch -p2 < ~kw/openssh-xinetd-MLS.diff
make sshd
mv /usr/sbin/sshd /usr/sbin/sshd.old
cp sshd /usr/sbin/sshd
restorecon /usr/sbin/sshd
Known issues:
- if you upgrade PAM packages on biarch systems (not needed this time),
always update both the 32bit and 64bit PAM packages together
RPM download:
http://klaus.vh.swiftco.net/lspp/SRPMS/
http://klaus.vh.swiftco.net/lspp/RPMS/noarch/
Git repository:
http://klaus.vh.swiftco.net/lspp/git/
-Klaus
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
