SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: An SELinux policy for Red Hat 9 This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: Bradley Chapman <kakadu_at_gmail.com> Date: Fri, 9 Jul 2004 15:52:00 +0100 Mr. Smalley, On Fri, 09 Jul 2004 08:14:13 -0400, Stephen Smalley <sds@epoch.ncsc.mil> wrote: > > > On Fri, 2004-07-09 at 07:43, Bradley Chapman wrote: > > On Fri, 9 Jul 2004 21:11:55 +1000, Russell Coker <russell@coker.com.au> wrote: > > > But if you REALLY want to use RHL 9, the current policy should work OK, you > > > just have to make the appropriate changes to pam, logrotate, cron, coreutils, > > > etc. > > > > What sort of changes? Path changes? > > I think Russell is referring to the userland patches for those > packages. The current patches and SRPMS in our userland tree are drawn > from the Fedora Core development tree, so you are likely to run into > dependency problems building them on RH9. And Fedora Core actually > includes _many_ other patched userland packages for SELinux; we only > maintain a core subset in our tree for reference purposes for people who > want to port to other distributions. A few examples of patched userland > packages in Fedora Core that are not in our tree include gdm, usermode, > atd, and libuser, and there are many others. There is also the issue of > glibc security awareness; the RH9 glibc won't enable secure mode upon > domain transitions, unlike the Fedora Core glibc. Oh. I thought the patches mentioned were confined mostly to core system utilities; I had no idea that FC2's modifications for SELlinux were quite that extensive! > > If you truly are limited to using RH9, then you should likely grab an > older release of SELinux that was based on RH9. But life will be > simpler if you can move to FC2. Well, in light of your recommendations, I will certainly consider such a move now. If I do decide to move to FC2, how difficult will it then become to adapt the SELinux policy to my needs? > > -- > Stephen Smalley <sds@epoch.ncsc.mil> > National Security Agency > Brad -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Fri 9 Jul 2004 - 10:52:15 EDT This message: [ Message body ] Next message: Stephen Smalley: "Re: An SELinux policy for Red Hat 9" Previous message: Russell Coker: "Re: policy to allow upgrade of nfs-utils" In reply to: Stephen Smalley: "Re: An SELinux policy for Red Hat 9" Next in thread: Stephen Smalley: "Re: An SELinux policy for Red Hat 9" Reply: Stephen Smalley: "Re: An SELinux policy for Red Hat 9" Reply: Valdis.Kletnieks_at_vt.edu: "Re: An SELinux policy for Red Hat 9" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom