Re: Fixing up SELinux reference policy for Debian

2007-05-22 Thread Manoj Srivastava
On Mon, 21 May 2007 20:05:54 +1000, Russell Coker <[EMAIL PROTECTED]> said: >> localStrict.te included below). I can compile my packages, and run > Does localStrict.te really provide a benefit? It quells any AVC messages; and some of them were quite prolific. This way, any new message

Re: Fixing up SELinux reference policy for Debian

2007-05-21 Thread Russell Coker
On Saturday 19 May 2007 02:00, Manoj Srivastava <[EMAIL PROTECTED]> wrote: > > We'd also need people to work on e.g. an exim and a tomcat policy. > > I don't use exim, or tomcat, so this is likely to take me > longer. The version I uploaded last night now fixes all the problems I > saw l

Re: Fixing up SELinux reference policy for Debian

2007-05-21 Thread Russell Coker
On Saturday 19 May 2007 02:08, Manoj Srivastava <[EMAIL PROTECTED]> wrote: > On Wed, 16 May 2007 22:54:00 +1000, Russell Coker <[EMAIL PROTECTED]> > > I have not yet made this change. I have discovered additional > issues with cron; > , > > | #= initrc_t == >

Re: Fixing up SELinux reference policy for Debian

2007-05-18 Thread Manoj Srivastava
On Sat, 12 May 2007 18:56:02 +0200, Erich Schubert <[EMAIL PROTECTED]> said: >> After that, I need to start branching out, and adding, say, apache2 >> servers to my UML, and checking validity of strict policy. > We'd also need people to work on e.g. an exim and a tomcat policy. I don't

Re: Fixing up SELinux reference policy for Debian

2007-05-18 Thread Manoj Srivastava
On Wed, 16 May 2007 22:54:00 +1000, Russell Coker <[EMAIL PROTECTED]> said: > I have attached a patch that I'm using in my work on getting a strict > unstable system to work. Applied the changes, and uploaded a new refpolicy package. > I believe that cron should be allowed to set limits

Re: Fixing up SELinux reference policy for Debian

2007-05-16 Thread Russell Coker
> > I am attaching the local.te file below for comment; some of > > this should probably go into the refpolicy package, and, eventually, > > upstream. > > Would be nice to actually append the file. I have attached a patch that I'm using in my work on getting a strict unstable sy

Re: Fixing up SELinux reference policy for Debian

2007-05-12 Thread Erich Schubert
Hi Manoj, Thanks for the work on getting SELinux strict working! Are you using an initrd and/or udev in your UML? > I think we need to create debian specific policy changes to > allow searching /var, /var/lib, and /var/lib/dpkg. We also read file > permissions on files in /var/lib/dpkg;

Re: Fixing up SELinux reference policy for Debian

2007-05-11 Thread Manoj Srivastava
Hi, I have just uploaded a version of refpolicy that has a number of Debian specific SELinux policy changes. I can now do an aptitude update, and aptitude upgrade while running strict policy in enforcing mode in my UML machine. The createfs.sh script now incorporates all the recommen

Re: Fixing up SELinux reference policy for Debian

2007-05-10 Thread Manoj Srivastava
On Thu, 10 May 2007 09:13:40 -0500, Manoj Srivastava <[EMAIL PROTECTED]> said: > I am attaching the local.te file below for comment; some of > this should probably go into the refpolicy package, and, eventually, > upstream. Would be nice to actually append the file. m

Fixing up SELinux reference policy for Debian

2007-05-10 Thread Manoj Srivastava
Hi folks, I have started in earnest to try and get the current reference policy to the point where I can create a headless build virtual machine running strict policy in enforcing mode. At this point, I have a local.te file that enables me to log in, either as root or as myself, moun