Hello all,
this should be getting close to final, please respond if you have any bug
reports, change requests, or questions.
The lspp_policy.te file is now clean, I deleted the last policy workaround
which was no longer needed.
Changes (thanks to everyone who tested and contributed):
lspp_policy.te: Remove obsolete bug workaround
Kickstart postinst: Update recommended package update list
lspp-config script: remove outdated FIXMEs (no functionality change)
Kickstart: disable firewall by default to match previous version behavior
Cups config: revert auth requirement, new methods currently being developed
Cups fixes by Matt Anderson: authentication, PCL printing, page labels
There was recently a bug opened up about lprm being able to cancel any
job. This has a preliminary fix for that issue as well as a couple
other things.
Changelog:
* Add "AuthType Basic" to force authentication when canceling a job
* Modify the mime files to support PCL printing
* Add some additional text explaining the behavior of
ClassifyOverride
as well as the possible values to Classification.
* Add placeholder for coming option PerPageLabels, I'm still
working on
the functionality around that, but it will be a way an admin can
disable
the label on each page if it gets to be too cumbersome.
Add optional setsockcreate auditing
Remove "debug" from pam_namespace.so PAM entries
Sort package lists and update comments (no package changes)
Disable cron mail sending in LSPP mode using "-m /bin/true" crond arg
Remove "/usr/bin/at", not part of evaluated config
Add ssh-mls on port 222 to default firewall allowed ports
Load firewall rules at boot; add IPSEC (ESP, AH, isakmp) to firewall permits
update recommended package update list
s390x: adding vsftpd package
adding chcat to root-only executable list (it's broken in MLS mode)
s390x: Add missing s390 libs to support test cases
Cups config: change "ClassifyOverride" setting to "Off"
Add module autoload blacklist for tux; add sysctl.conf update capability
(unused)
I used the following packages from
http://people.redhat.com/sgrubb/files/lspp in the postinstall phase:
acl-2.2.39-2.el5.i386.rpm
audit-1.3.1-2.el5.i386.rpm
audit-libs-1.3.1-2.el5.i386.rpm
audit-libs-devel-1.3.1-2.el5.i386.rpm
audit-libs-python-1.3.1-2.el5.i386.rpm
kernel-2.6.18-8.1.1.el5.lspp.68.i686.rpm
kernel-devel-2.6.18-8.1.1.el5.lspp.68.i686.rpm
libacl-2.2.39-2.el5.i386.rpm
libacl-devel-2.2.39-2.el5.i386.rpm
mcstrans-0.2.3-1.el5.i386.rpm
openssh-4.3p2-18.el5.i386.rpm
openssh-clients-4.3p2-18.el5.i386.rpm
openssh-server-4.3p2-18.el5.i386.rpm
pam-0.99.6.2-3.17.el5.i386.rpm
pam-devel-0.99.6.2-3.17.el5.i386.rpm
selinux-policy-2.4.6-45.el5.noarch.rpm
selinux-policy-devel-2.4.6-45.el5.noarch.rpm
selinux-policy-mls-2.4.6-45.el5.noarch.rpm
selinux-policy-strict-2.4.6-45.el5.noarch.rpm
selinux-policy-targeted-2.4.6-45.el5.noarch.rpm
vixie-cron-4.1-66.2.el5.i386.rpm
You'll need to run "rpm -Uvh --oldpackage *.rpm" to install them since
the kernel version number looks older than the installed one.
You can also do this once the system is installed. The installer should
work with the plain RC versions.
RPM download:
http://klaus.vh.swiftco.net/lspp/SRPMS/
http://klaus.vh.swiftco.net/lspp/RPMS/noarch/
Git repository:
http://klaus.vh.swiftco.net/lspp/git/
-Klaus
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
