On Fri, Sep 15, 2006 at 02:02:29PM -0500, Manoj Srivastava wrote:
> On Fri, 15 Sep 2006 02:21:18 -0700, Steve Langasek <[EMAIL PROTECTED]> said:
> > Ok. What about cron, su, *dm, sudo, samba, ftp servers...? All of
> > these processes change uids as well after authentication, do they
> > also
Hi,
On Fri, 15 Sep 2006 02:21:18 -0700, Steve Langasek <[EMAIL PROTECTED]> said:
> Ok. What about cron, su, *dm, sudo, samba, ftp servers...? All of
> these processes change uids as well after authentication, do they
> also need selinux support?
Cron runs properly in crond_t already, t
On Fri, Sep 15, 2006 at 10:59:07AM +0200, Erich Schubert wrote:
> Hello Steve,
> > Could you remind me why this module is specific to /etc/pam.d/ssh and
> > /etc/pam.d/login, rather than something that should be enabled in the global
> > config?
> AFAIK it's because login and ssh are interactive s
On Thu, Sep 14, 2006 at 08:49:08PM -0300, Otavio Salvador wrote:
> Doing that allow us, in grub-installer, check if it's going to be
> installed and hack menu.lst by default.
It is not done if grub supports it, each of them needs to do it.
Bastian
--
Death, when unnecessary, is a tragic thing.
Hello Steve,
> Could you remind me why this module is specific to /etc/pam.d/ssh and
> /etc/pam.d/login, rather than something that should be enabled in the global
> config?
AFAIK it's because login and ssh are interactive sessions. These might
be using different contexts (e.g. sysadm_r, staff_r,
Quoting Steve Langasek ([EMAIL PROTECTED]):
> On Thu, Sep 14, 2006 at 11:54:34PM +0200, Erich Schubert wrote:
> > Hi Manoj, Russell, Debian-Boot,
> > Thinking some more about it, I have large doubts that we'll have a
> > somewhat working SELinux out of the box with etch. There is still quite
> > so
On Thu, Sep 14, 2006 at 11:54:34PM +0200, Erich Schubert wrote:
> Hi Manoj, Russell, Debian-Boot,
> Thinking some more about it, I have large doubts that we'll have a
> somewhat working SELinux out of the box with etch. There is still quite
> some stuff we would need to do some auto setup magic (or
> For example both /etc/pam.d/login and /etc/pam.d/ssh need to be
> modified. The modification in ssh is in, just needs to be uncommented. I
> think Uwe just contacted the shadow maintainers about the login change.
/me being one of the two main shadow maintainers, the problem should soon
be solve
Frans Pop <[EMAIL PROTECTED]> writes:
> On Friday 15 September 2006 00:52, [EMAIL PROTECTED] wrote:
>> > Promoting selinux to standard is probably a post-Etch issue anyway
>> > as there is currently very little feedback and AIUI quite a bit of
>> > tuning is needed yet.
>>
>> If you say en
On Thu, 14 Sep 2006 23:11:10 +0200, Frans Pop <[EMAIL PROTECTED]> said:
> On Thursday 14 September 2006 22:02, Joey Hess wrote:
>> Manoj Srivastava wrote:
>> > The size of the .debs for targeted policy is 2185702
>> > Bytes.
>> I don't have any real problem with adding 2 mb more
On Friday 15 September 2006 00:52, [EMAIL PROTECTED] wrote:
> > Promoting selinux to standard is probably a post-Etch issue anyway
> > as there is currently very little feedback and AIUI quite a bit of
> > tuning is needed yet.
>
> If you say enabling SELinux by default, like fedora ships i
Hi Manoj, Russell, Debian-Boot,
Thinking some more about it, I have large doubts that we'll have a
somewhat working SELinux out of the box with etch. There is still quite
some stuff we would need to do some auto setup magic (or at least
convince the maintainers).
For example both /etc/pam.d/login a
On Thursday 14 September 2006 22:02, Joey Hess wrote:
> Manoj Srivastava wrote:
> > The size of the .debs for targeted policy is 2185702 Bytes.
>
> I don't have any real problem with adding 2 mb more to standard. A
> tasksel task could be done if there's some reason not to add it to
> stand
Christian Perrier <[EMAIL PROTECTED]> writes:
> Quoting Joey Hess ([EMAIL PROTECTED]):
>> Manoj Srivastava wrote:
>> > The size of the .debs for targeted policy is 2185702 Bytes.
>>
>> I don't have any real problem with adding 2 mb more to standard. A
>> tasksel task could be done if ther
Quoting Joey Hess ([EMAIL PROTECTED]):
> Manoj Srivastava wrote:
> > The size of the .debs for targeted policy is 2185702 Bytes.
>
> I don't have any real problem with adding 2 mb more to standard. A
> tasksel task could be done if there's some reason not to add it to
> standard.
A tasks
Manoj Srivastava wrote:
> The size of the .debs for targeted policy is 2185702 Bytes.
I don't have any real problem with adding 2 mb more to standard. A
tasksel task could be done if there's some reason not to add it to
standard.
> As shipped, the Debian kernel images have SELinux
Erich Schubert <[EMAIL PROTECTED]> writes:
> So the average user will only be confused by this option, since it
> rarely will work properly for him. This would make more sense for
> switching between strict and targeted policy. The key bootup files such
> as /sbin/init have the same labels in thes
Hello Christian,
> And, as an idea thrown in the wild, given that Manoj mentioned that
> SELinux support needs a kernel commend-line switch to be activated,
> couldn't we add "(SELinux enabled)"-like entries to the bootloader
> entries the same way we do with "(recovery)" at least with the default
Quoting Otavio Salvador ([EMAIL PROTECTED]):
> Manoj Srivastava <[EMAIL PROTECTED]> writes:
>
> > With the help of
> > apt-rdepends --dotty selinux-policy-refpolicy-targeted
> > I have managed to determine that the packages not already included in
> > Priority Standard are:
>
> If isn
Manoj Srivastava <[EMAIL PROTECTED]> writes:
> With the help of
> apt-rdepends --dotty selinux-policy-refpolicy-targeted
> I have managed to determine that the packages not already included in
> Priority Standard are:
If isn't possible to make it installed by default I think we could
Hi,
Long past when I thought the tool chain foe SELinux would
stabilize, we have a working set of packages for the targeted policy
(the same one Red Hat ships in fedora/rawhide).
Just installing a SELinux policy package is all that is now
needed in unstable; that should pull in
21 matches
Mail list logo