On Fri, 21 Oct 2005 07:05:29 +0200, Christian Perrier <[EMAIL PROTECTED]> said:
> (CC in case you don't follow -devel that closely given your current
> situation, Manoj. Please accept my apologies in advance if you
> do...)
>> At this point, most of the major packages that have to be modified
>> to enable a bare SELinux Debian system are in place, with coreutils
>> being the last holdout.
> Myself and other shadow package maintainers were wondering whether
> we have to compile shadow utilities (login, su, passwd...) with
> SELinux support.
> One of my co-maintainers said me we shouldn't because libselinux1 is
> not in the base system...which seems untrue..:-) (or I misunderstood
> him which is also likely)
> So, I guess we could, indeed...anyway I bet you'll ask us to do so
> at some moment, won't you?
Oh, that's not needed. SElinux uses PAM to mediate access to
the password (there is a SELinux PAM module now). So, people who want
to enable SELinux on their machine have to do something like so:
,----[ Add SELinux capability to the system ]
| if ! grep pam_selinux.so /etc/pam.d/login >& /dev/null; then
| echo "" >> /etc/pam.d/login
| echo "session required pam_selinux.so multiple" >> /etc/pam.d/login
| echo "" >> /etc/pam.d/login
| fi
`----
Thanks for asking, though.
manoj
ps: an MRI rapidly palls after the first 20 minutes or so
pps: I also happen to agree with DK below
--
A person who is more than casually interested in computers should be
well schooled in machine language, since it is a fundamental part of a
computer. -- Donald Knuth
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
