Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Sugg. for SELinux enabled Interpreters
From: Russell Coker <russell_at_coker.com.au>
Date: Sat, 23 Apr 2005 07:41:34 +1000
Below is a message from Luke about this matter. In this example reconfiguring KDE is the better option. I've pasted the message because I have no net access at the moment and can't lookup a URL. We should get some bugs filed against kdeinit in all the distributions to make this an option that the administrator can configure permanently for the entire system. Also Fedora, RHEL, and any other distribution which gets SE Linux as the default install option should probably default to this.
Subject: kdeinit
as you've seen, i sent a message to the kde-devel list, stephan kindly responded by saying that it's possible to disable kdeinit by defining KDE_IS_PRELINKED. i've modified startkde (possibly not the smartest thing to do) to have this at the top: #!/bin/sh # # DEFAULT KDE STARTUP SCRIPT ( KDE-3.2 ) # KDE_IS_PRELINKED=1 export KDE_IS_PRELINKED and voila, it appears that i end up saving about 30mbyte of virtual memory - something that _could_ save a lot of time on a system that is pushed for physical ram. so it's a trade-off between saving some virtual memory and saving some speed in the library pre-loading. ... but the important thing is that as far as SE/Linux is concerned it IS possible to remove kdeinit from the loop, and therefore it IS possible to write selinux policy files without kdeinit getting in the way. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Fri 22 Apr 2005 - 19:26:04 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |