Re: coreutils with selinux support
On Wed, 2003-07-23 at 17:58, Brian May wrote: On Wed, Jul 23, 2003 at 11:58:33AM -0400, Michael Stone wrote: On Wed, Jul 23, 2003 at 09:43:17AM -0400, Clint Adams wrote: How about selinux support? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=193328 SE-Linux support would be good. There is also the question of which patch to apply; there are two very different ones for 2.4 SELinux and 2.5 SELinux. For this reason at least it's probably worth just waiting until 2.6 comes out and is more widely used, and we can just drop support for 2.4 from unstable.
Re: coreutils with selinux support
On Wed, 23 Jul 2003 17:58, Brian May wrote: In answer to your question in the bug report, currently SE-Linux users install a patched coreutils (as well as shadow (login), cron, ssh, devfsd, logrotate, fcron, stat, procps, and psmisc) from Russell's devfsd is not modified. The conflicts for devfsd is because the sample configuration files for the old version of devfsd messed up SE Linux permissions on terminal devices. The other packages listed above are all modified by necessity. archive (unstable) or my archive (stable). A modified version of dpkg is also required, it runs a script after dpkg installs a package that updates the file labels for the new files in the package. Eventually dpkg will have enough functionality that the standard dpkg will do all that I require. It may be some time though. Also I don't think SE-Linux will compile under *all* architectures yet which is also a big problem. The current version of SE Linux compiles under UML, i386, and ARM. It could be easily ported to M68k and any other architecture that does not support multiple word sizes (SPARC and PPC are problemmatic for this). The next version (which is going to be in 2.6.0) will not have any special system calls and will use /proc for such things. Therefore it should compile on all platforms without effort. At that time we can work more seriously on getting SE Linux into main. The next version may be back-ported to 2.4.x. Hopefully that will happen and then I can get all of this (apart from the modified dpkg) into main before the next release. For those of you at OLS, Stephen Smalley's BOF will cover these issues (on the kernel side - I will give a little talk about the Debian issues if there is interest). -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Re: coreutils with selinux support
On Wed, Jul 23, 2003 at 11:58:33AM -0400, Michael Stone wrote: On Wed, Jul 23, 2003 at 09:43:17AM -0400, Clint Adams wrote: How about selinux support? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=193328 SE-Linux support would be good. In answer to your question in the bug report, currently SE-Linux users install a patched coreutils (as well as shadow (login), cron, ssh, devfsd, logrotate, fcron, stat, procps, and psmisc) from Russell's archive (unstable) or my archive (stable). A modified version of dpkg is also required, it runs a script after dpkg installs a package that updates the file labels for the new files in the package. I gather though you don't like the quality of the existing patch (I haven't checked it myself)? Also I don't think SE-Linux will compile under *all* architectures yet which is also a big problem. -- Brian May [EMAIL PROTECTED]