On Sat, 26 Jan 2002 14:17, Valdis.Kletnieksat_private wrote:
> On Sat, 26 Jan 2002 13:20:29 +1100, Russell Coker <bofhat_private> said:
> > You can build a RPM or DEB package on a machine without any LSM support
> > and then install it on an LSM machine. As long as the package
> > dependencies were correct then it would work fine.
>
> Try that with an NTP RPM, and let me know how well it works when the LSM
> you have loaded refuses to allow the process to set the system clock. ;)

There are only two problems with that:
1) There has been no chsid/relabel operation done after the files were put in place to give them the correct security settings.
2) The standard RPM package of NTP undoubtedly doesn't use run_init.

For Debian we are currently discussing ways of solving 1. One suggestion that can be immediately supported is to unpack a package, search its file list and match it on /etc/flask/file_contexts, and apply appropriate SIDs. Then continue with the package configuration. I could possibly even divert dpkg to a wrapper which does this.

For 2 I plan to mess with start-stop-daemon in Debian.

These things are solvable!

--
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
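
The matching step suggested in the message above (a package's file list against /etc/flask/file_contexts), as an added example that is not part of the original post or of any Debian or SELinux tool. It assumes a `regex [type] context` line layout in which the last matching line wins, uses Python's `re` in place of POSIX regexes, and runs on a constructed policy excerpt and file list; it only computes the labels and applies nothing.

```python
import re

# Constructed excerpt in an assumed "regex [type] context" layout; the
# contexts are illustrative and do not come from a real policy.
SAMPLE_FILE_CONTEXTS = r"""
# regex                 type  context
/.*                           system_u:object_r:file_t
/usr(/.*)?                    system_u:object_r:usr_t
/usr/sbin/ntpd          --    system_u:object_r:ntpd_exec_t
/etc/ntp\.conf          --    system_u:object_r:etc_ntp_t
/var/run/ntpd\.pid      --    <<none>>
"""

# Constructed file list for a hypothetical ntp package: (path, type flag),
# where "--" is a regular file and "-d" a directory.
NTP_FILES = [("/usr/sbin/ntpd", "--"), ("/etc/ntp.conf", "--"),
             ("/usr/share/doc/ntp", "-d"), ("/var/run/ntpd.pid", "--")]

def parse_file_contexts(text):
    """Return a list of (compiled_regex, type_flag_or_None, context)."""
    specs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 2:
            pattern, ftype, context = fields[0], None, fields[1]
        elif len(fields) == 3:
            pattern, ftype, context = fields
        else:
            raise ValueError(f"malformed file_contexts line: {line!r}")
        specs.append((re.compile(pattern), ftype, context))
    return specs

def label_for(path, ftype, specs):
    """Context of the last spec matching the whole path and the type."""
    chosen = None
    for regex, want_type, context in specs:
        if regex.fullmatch(path) and want_type in (None, ftype):
            chosen = context  # assumption: later lines override earlier ones
    return None if chosen == "<<none>>" else chosen

def plan_relabel(file_list, specs):
    """Map every path in a package file list to the context it should get."""
    return {path: label_for(path, ftype, specs) for path, ftype in file_list}

if __name__ == "__main__":
    specs = parse_file_contexts(SAMPLE_FILE_CONTEXTS)
    for path, ctx in plan_relabel(NTP_FILES, specs).items():
        print(f"{path}\t{ctx or '(leave unlabeled)'}")
```

A dpkg wrapper of the kind described would run this lookup between unpacking and package configuration, then hand each path and context to the relabeling tool.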
This archive was generated by hypermail 2b30 : Sun Jan 27 2002 - 16:25:52 PST