Re: Backporting SELinux to woody
On Fri, 12 Mar 2004 06:25, Norbert Tretkowski <[EMAIL PROTECTED]> wrote: > * Milan P. Stanic wrote: > > Can I put in version something like libselinux1_1.6-0.1-bp.mps_i386.deb > > instead of libselinux1_1.6-0.1_i386.deb? > > Well, if 1.6-0.1 will be in our next stable release, your backport > will not be replaced with the version from stable. > > I'd suggest using libselinux1_1.6-0.0-bp.mps_i386.deb instead. Actually there was already a 1.6-1 release which will be in stable (unless we get newer versions first). -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Re: Backporting SELinux to woody
On Fri, 12 Mar 2004 06:25, Norbert Tretkowski <[EMAIL PROTECTED]> wrote: > * Milan P. Stanic wrote: > > Can I put in version something like libselinux1_1.6-0.1-bp.mps_i386.deb > > instead of libselinux1_1.6-0.1_i386.deb? > > Well, if 1.6-0.1 will be in our next stable release, your backport > will not be replaced with the version from stable. > > I'd suggest using libselinux1_1.6-0.0-bp.mps_i386.deb instead. Actually there was already a 1.6-1 release which will be in stable (unless we get newer versions first). -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Backporting SELinux to woody
On Thu, Mar 11, 2004 at 08:25:15PM +0100, Norbert Tretkowski wrote: > * Milan P. Stanic wrote: > > Can I put in version something like libselinux1_1.6-0.1-bp.mps_i386.deb > > instead of libselinux1_1.6-0.1_i386.deb? > > Well, if 1.6-0.1 will be in our next stable release, your backport > will not be replaced with the version from stable. > > I'd suggest using libselinux1_1.6-0.0-bp.mps_i386.deb instead. OK. Packages are on the: deb http://www.rns-nis.co.yu/~mps selinux/ deb-src http://www.rns-nis.co.yu/~mps selinux/ I don't have experience in making deb-src repositories but I hope it is ok. If anything is wrong (is anything ok? :-) ) please, tell me. There are packages which I'm using to test SELinux under UML and woody. SELinux packages depends on the attr and libattr from http://www.backports.org I'll try to make html page about it tomorrow.
Re: Backporting SELinux to woody
On Thu, Mar 11, 2004 at 08:25:15PM +0100, Norbert Tretkowski wrote: > * Milan P. Stanic wrote: > > Can I put in version something like libselinux1_1.6-0.1-bp.mps_i386.deb > > instead of libselinux1_1.6-0.1_i386.deb? > > Well, if 1.6-0.1 will be in our next stable release, your backport > will not be replaced with the version from stable. > > I'd suggest using libselinux1_1.6-0.0-bp.mps_i386.deb instead. OK. Packages are on the: deb http://www.rns-nis.co.yu/~mps selinux/ deb-src http://www.rns-nis.co.yu/~mps selinux/ I don't have experience in making deb-src repositories but I hope it is ok. If anything is wrong (is anything ok? :-) ) please, tell me. There are packages which I'm using to test SELinux under UML and woody. SELinux packages depends on the attr and libattr from http://www.backports.org I'll try to make html page about it tomorrow. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Backporting SELinux to woody
* Milan P. Stanic wrote: > Can I put in version something like libselinux1_1.6-0.1-bp.mps_i386.deb > instead of libselinux1_1.6-0.1_i386.deb? Well, if 1.6-0.1 will be in our next stable release, your backport will not be replaced with the version from stable. I'd suggest using libselinux1_1.6-0.0-bp.mps_i386.deb instead. Norbert
Re: Backporting SELinux to woody
* Milan P. Stanic wrote: > Can I put in version something like libselinux1_1.6-0.1-bp.mps_i386.deb > instead of libselinux1_1.6-0.1_i386.deb? Well, if 1.6-0.1 will be in our next stable release, your backport will not be replaced with the version from stable. I'd suggest using libselinux1_1.6-0.0-bp.mps_i386.deb instead. Norbert -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Backporting SELinux to woody
On Thu, 11 Mar 2004 22:14, "Milan P. Stanic" <[EMAIL PROTECTED]> wrote: > On Thu, Mar 11, 2004 at 09:42:52PM +1100, Russell Coker wrote: > > If you copy all files related to a package intact then you don't have to > > make such changes. > > > > If you make any changes at all (even re-compiling with a different > > compiler and/or libc) then you must update the changelog appropriately. > > Is it enough to put note in changelog that the package is backported > to woody? Yes, that's fine. > I can do that for binary packages tomorrow but I don't have > enough time for sources until next week. > Can I put in version something like libselinux1_1.6-0.1-bp.mps_i386.deb > instead of libselinux1_1.6-0.1_i386.deb? Sure. The exact version numbering isn't overly important. People who put multiple back-port repositories in their apt config may get results that don't work well, but that's just a mistake anyway. Just make sure that your repository is in some way internally consistent and can be differentiated from other repositories and everything will be fine. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Re: Backporting SELinux to woody
On Thu, Mar 11, 2004 at 09:42:52PM +1100, Russell Coker wrote: > If you copy all files related to a package intact then you don't have to make > such changes. > > If you make any changes at all (even re-compiling with a different compiler > and/or libc) then you must update the changelog appropriately. Is it enough to put note in changelog that the package is backported to woody? I can do that for binary packages tomorrow but I don't have enough time for sources until next week. Can I put in version something like libselinux1_1.6-0.1-bp.mps_i386.deb instead of libselinux1_1.6-0.1_i386.deb?
Re: Backporting SELinux to woody
On Thu, 11 Mar 2004 20:40, "Milan P. Stanic" <[EMAIL PROTECTED]> wrote: > On Thu, Mar 11, 2004 at 09:02:50AM +1100, Russell Coker wrote: > > > If someone needs them I can put it on the net or post somewhere, or > > > maybe help if the help is needed. > > > > If you could establish an apt repository for it then that would be very > > useful. Brian's SE Linux packages haven't been updated for a while. > > Can I leave control and changelog files in packages as is they now, > i.e. original from respective DD's? > I don't like idea to rebuild all of them just to put my name, comments > and notes. If you copy all files related to a package intact then you don't have to make such changes. If you make any changes at all (even re-compiling with a different compiler and/or libc) then you must update the changelog appropriately. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Re: Backporting SELinux to woody
On Thu, 11 Mar 2004 22:14, "Milan P. Stanic" <[EMAIL PROTECTED]> wrote: > On Thu, Mar 11, 2004 at 09:42:52PM +1100, Russell Coker wrote: > > If you copy all files related to a package intact then you don't have to > > make such changes. > > > > If you make any changes at all (even re-compiling with a different > > compiler and/or libc) then you must update the changelog appropriately. > > Is it enough to put note in changelog that the package is backported > to woody? Yes, that's fine. > I can do that for binary packages tomorrow but I don't have > enough time for sources until next week. > Can I put in version something like libselinux1_1.6-0.1-bp.mps_i386.deb > instead of libselinux1_1.6-0.1_i386.deb? Sure. The exact version numbering isn't overly important. People who put multiple back-port repositories in their apt config may get results that don't work well, but that's just a mistake anyway. Just make sure that your repository is in some way internally consistent and can be differentiated from other repositories and everything will be fine. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Backporting SELinux to woody
On Thu, Mar 11, 2004 at 09:02:50AM +1100, Russell Coker wrote: > > If someone needs them I can put it on the net or post somewhere, or > > maybe help if the help is needed. > > If you could establish an apt repository for it then that would be very > useful. Brian's SE Linux packages haven't been updated for a while. Can I leave control and changelog files in packages as is they now, i.e. original from respective DD's? I don't like idea to rebuild all of them just to put my name, comments and notes.
Re: Backporting SELinux to woody
On Thu, Mar 11, 2004 at 09:42:52PM +1100, Russell Coker wrote: > If you copy all files related to a package intact then you don't have to make > such changes. > > If you make any changes at all (even re-compiling with a different compiler > and/or libc) then you must update the changelog appropriately. Is it enough to put note in changelog that the package is backported to woody? I can do that for binary packages tomorrow but I don't have enough time for sources until next week. Can I put in version something like libselinux1_1.6-0.1-bp.mps_i386.deb instead of libselinux1_1.6-0.1_i386.deb? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Backporting SELinux to woody
On Thu, 11 Mar 2004 20:40, "Milan P. Stanic" <[EMAIL PROTECTED]> wrote: > On Thu, Mar 11, 2004 at 09:02:50AM +1100, Russell Coker wrote: > > > If someone needs them I can put it on the net or post somewhere, or > > > maybe help if the help is needed. > > > > If you could establish an apt repository for it then that would be very > > useful. Brian's SE Linux packages haven't been updated for a while. > > Can I leave control and changelog files in packages as is they now, > i.e. original from respective DD's? > I don't like idea to rebuild all of them just to put my name, comments > and notes. If you copy all files related to a package intact then you don't have to make such changes. If you make any changes at all (even re-compiling with a different compiler and/or libc) then you must update the changelog appropriately. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Backporting SELinux to woody
On Thu, Mar 11, 2004 at 09:02:50AM +1100, Russell Coker wrote: > > If someone needs them I can put it on the net or post somewhere, or > > maybe help if the help is needed. > > If you could establish an apt repository for it then that would be very > useful. Brian's SE Linux packages haven't been updated for a while. Can I leave control and changelog files in packages as is they now, i.e. original from respective DD's? I don't like idea to rebuild all of them just to put my name, comments and notes. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Backporting SELinux to woody
On Thu, 11 Mar 2004 08:22, "Milan P. Stanic" <[EMAIL PROTECTED]> wrote: > On Wed, Mar 10, 2004 at 01:29:16PM +0100, Milan P. Stanic wrote: > > That is. I just rebuilt policycoreutils and pam with libselinux1 > > which is linked with libattr and it was smooth. > > Now I have to backport coreutils and sysvinit, huh. > > Hate to reply myself, but I'd like to inform you that I backported > libselinux, selinux-utils, policycoreutils, pam, coreutils, sysvinit, > checkpolicy and selinux-policy-default to woody. It works under UML. > > If someone needs them I can put it on the net or post somewhere, or > maybe help if the help is needed. If you could establish an apt repository for it then that would be very useful. Brian's SE Linux packages haven't been updated for a while. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Re: Backporting SELinux to woody
On Thu, 11 Mar 2004 08:22, "Milan P. Stanic" <[EMAIL PROTECTED]> wrote: > On Wed, Mar 10, 2004 at 01:29:16PM +0100, Milan P. Stanic wrote: > > That is. I just rebuilt policycoreutils and pam with libselinux1 > > which is linked with libattr and it was smooth. > > Now I have to backport coreutils and sysvinit, huh. > > Hate to reply myself, but I'd like to inform you that I backported > libselinux, selinux-utils, policycoreutils, pam, coreutils, sysvinit, > checkpolicy and selinux-policy-default to woody. It works under UML. > > If someone needs them I can put it on the net or post somewhere, or > maybe help if the help is needed. If you could establish an apt repository for it then that would be very useful. Brian's SE Linux packages haven't been updated for a while. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Backporting SELinux to woody
On Wed, Mar 10, 2004 at 01:29:16PM +0100, Milan P. Stanic wrote: > That is. I just rebuilt policycoreutils and pam with libselinux1 > which is linked with libattr and it was smooth. > Now I have to backport coreutils and sysvinit, huh. Hate to reply myself, but I'd like to inform you that I backported libselinux, selinux-utils, policycoreutils, pam, coreutils, sysvinit, checkpolicy and selinux-policy-default to woody. It works under UML. If someone needs them I can put it on the net or post somewhere, or maybe help if the help is needed.
Re: Backporting SELinux to woody
On Wed, Mar 10, 2004 at 01:29:16PM +0100, Milan P. Stanic wrote: > That is. I just rebuilt policycoreutils and pam with libselinux1 > which is linked with libattr and it was smooth. > Now I have to backport coreutils and sysvinit, huh. Hate to reply myself, but I'd like to inform you that I backported libselinux, selinux-utils, policycoreutils, pam, coreutils, sysvinit, checkpolicy and selinux-policy-default to woody. It works under UML. If someone needs them I can put it on the net or post somewhere, or maybe help if the help is needed. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Backporting SELinux to woody
On Wed, Mar 10, 2004 at 10:04:38PM +1100, Russell Coker wrote: > > So, the question: how can I link libattr to libselinux1? > > Edit src/Makefile and add -lattr in the $(CC) line for $(LIBSO). That is. I just rebuilt policycoreutils and pam with libselinux1 which is linked with libattr and it was smooth. Now I have to backport coreutils and sysvinit, huh. Thank you, Russell.
Re: Backporting SELinux to woody
On Wed, 10 Mar 2004 21:26, "Milan P. Stanic" <[EMAIL PROTECTED]> wrote: > > There have been some changes to the way libxattr works. From memory I > > think that you needed an extra -l option on the link command line when > > compiling with old libc6. I can't remember whether it was linking the > > PAM module or libselinux that needed it (or maybe both). > > I already found that -lattr should be added to Makefiles in > policycoreutils-1.6 to build it and to Makefile for pam_unix module > into libpam. I also think that the same should be done in > libselinux1-1.6 and even looked through Makefiles there, but didn't > found where and how to link libattr to libselinux1. That because I > don't know how to build libraries i.e. I know ./configure && make > or fakeroot debian/rules binary for libraries but I don't know > low-level work. > > So, the question: how can I link libattr to libselinux1? Edit src/Makefile and add -lattr in the $(CC) line for $(LIBSO). -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Re: Backporting SELinux to woody
On Wed, Mar 10, 2004 at 10:04:38PM +1100, Russell Coker wrote: > > So, the question: how can I link libattr to libselinux1? > > Edit src/Makefile and add -lattr in the $(CC) line for $(LIBSO). That is. I just rebuilt policycoreutils and pam with libselinux1 which is linked with libattr and it was smooth. Now I have to backport coreutils and sysvinit, huh. Thank you, Russell. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Backporting SELinux to woody
On Wed, Mar 10, 2004 at 04:58:14PM +1100, Russell Coker wrote: > > I suspect that the problem can be with old glibc (2.2.5) but I'm not > > sure. Because that I'd like to ask should I backport glibc from sarge? > > There have been some changes to the way libxattr works. From memory I think > that you needed an extra -l option on the link command line when compiling > with old libc6. I can't remember whether it was linking the PAM module or > libselinux that needed it (or maybe both). I already found that -lattr should be added to Makefiles in policycoreutils-1.6 to build it and to Makefile for pam_unix module into libpam. I also think that the same should be done in libselinux1-1.6 and even looked through Makefiles there, but didn't found where and how to link libattr to libselinux1. That because I don't know how to build libraries i.e. I know ./configure && make or fakeroot debian/rules binary for libraries but I don't know low-level work. So, the question: how can I link libattr to libselinux1?
Re: Backporting SELinux to woody
On Wed, 10 Mar 2004 21:26, "Milan P. Stanic" <[EMAIL PROTECTED]> wrote: > > There have been some changes to the way libxattr works. From memory I > > think that you needed an extra -l option on the link command line when > > compiling with old libc6. I can't remember whether it was linking the > > PAM module or libselinux that needed it (or maybe both). > > I already found that -lattr should be added to Makefiles in > policycoreutils-1.6 to build it and to Makefile for pam_unix module > into libpam. I also think that the same should be done in > libselinux1-1.6 and even looked through Makefiles there, but didn't > found where and how to link libattr to libselinux1. That because I > don't know how to build libraries i.e. I know ./configure && make > or fakeroot debian/rules binary for libraries but I don't know > low-level work. > > So, the question: how can I link libattr to libselinux1? Edit src/Makefile and add -lattr in the $(CC) line for $(LIBSO). -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Backporting SELinux to woody
On Wed, Mar 10, 2004 at 04:58:14PM +1100, Russell Coker wrote: > > I suspect that the problem can be with old glibc (2.2.5) but I'm not > > sure. Because that I'd like to ask should I backport glibc from sarge? > > There have been some changes to the way libxattr works. From memory I think > that you needed an extra -l option on the link command line when compiling > with old libc6. I can't remember whether it was linking the PAM module or > libselinux that needed it (or maybe both). I already found that -lattr should be added to Makefiles in policycoreutils-1.6 to build it and to Makefile for pam_unix module into libpam. I also think that the same should be done in libselinux1-1.6 and even looked through Makefiles there, but didn't found where and how to link libattr to libselinux1. That because I don't know how to build libraries i.e. I know ./configure && make or fakeroot debian/rules binary for libraries but I don't know low-level work. So, the question: how can I link libattr to libselinux1? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Backporting SELinux to woody
On Wed, 10 Mar 2004 08:58, "Milan P. Stanic" <[EMAIL PROTECTED]> wrote: > [ Sorry, I'm not sure if this list is right place to ask this, but > I can't remember better one ] The NSA mailing list is another option, but this one is OK. > I'm trying to backport SELinux tools and libraries from unstable to > stable (woody). Well, actually I succeed to build all except coreutils > and sysvinit and installed all under UML and get to the point where > I cannot login in. > I've found problem with pam (backported one) which is compiled on the > woody platform. > > Here is the syslog message: > - > Mar 9 19:29:44 [login] PAM adding faulty module: /lib/security/pam_unix.so > Mar 9 19:29:44 [login] PAM unable to dlopen(/lib/security/pam_selinux.so) > Mar 9 19:29:44 [login] PAM [dlerror: /lib/libselinux.so.1: undefined > symbol: ls etxattr] > - > > I suspect that the problem can be with old glibc (2.2.5) but I'm not > sure. Because that I'd like to ask should I backport glibc from sarge? There have been some changes to the way libxattr works. From memory I think that you needed an extra -l option on the link command line when compiling with old libc6. I can't remember whether it was linking the PAM module or libselinux that needed it (or maybe both). -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Re: Backporting SELinux to woody
On Wed, 10 Mar 2004 08:58, "Milan P. Stanic" <[EMAIL PROTECTED]> wrote: > [ Sorry, I'm not sure if this list is right place to ask this, but > I can't remember better one ] The NSA mailing list is another option, but this one is OK. > I'm trying to backport SELinux tools and libraries from unstable to > stable (woody). Well, actually I succeed to build all except coreutils > and sysvinit and installed all under UML and get to the point where > I cannot login in. > I've found problem with pam (backported one) which is compiled on the > woody platform. > > Here is the syslog message: > - > Mar 9 19:29:44 [login] PAM adding faulty module: /lib/security/pam_unix.so > Mar 9 19:29:44 [login] PAM unable to dlopen(/lib/security/pam_selinux.so) > Mar 9 19:29:44 [login] PAM [dlerror: /lib/libselinux.so.1: undefined > symbol: ls etxattr] > - > > I suspect that the problem can be with old glibc (2.2.5) but I'm not > sure. Because that I'd like to ask should I backport glibc from sarge? There have been some changes to the way libxattr works. From memory I think that you needed an extra -l option on the link command line when compiling with old libc6. I can't remember whether it was linking the PAM module or libselinux that needed it (or maybe both). -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]