Re: Making SELinux standard for etch

2006-10-12 Thread Manoj Srivastava
On Thu, 12 Oct 2006 14:12:54 +0100, Ian Jackson <[EMAIL PROTECTED]> said: > Mr Yan writes ("Re: Making SELinux standard for etch"): >> Ian Jackson wrote: >> > if (selinux_enabled > 0) >> > if(setfscreatecon(NULL) < 0) >> >

Re: Making SELinux standard for etch

2006-10-12 Thread Daniel Jacobowitz
On Thu, Oct 12, 2006 at 02:12:54PM +0100, Ian Jackson wrote: > Indeed, if you're willing to take my word as a computer security > expert[1] for it, I can say with confidence that selinux is not the > right approach to fixing the security problems with our systems. > It probably does more harm than

Re: Making SELinux standard for etch

2006-10-12 Thread Ian Jackson
Mr Yan writes ("Re: Making SELinux standard for etch"): > Ian Jackson wrote: > > if (selinux_enabled > 0) > > if(setfscreatecon(NULL) < 0) > > perror("Error restoring default security context:"); > > > > Error che

Re: Making SELinux standard for etch

2006-10-11 Thread Manoj Srivastava
On Wed, 11 Oct 2006 12:20:05 +0100, Yan <[EMAIL PROTECTED]> said: > Ian Jackson wrote: >> Furthermore, the SELinux patches I have seen in various >> applications have given me an extremely poor impression of the code >> quality[1]. This will probably extend to other areas of SELinux. >> >> I s

Re: Making SELinux standard for etch

2006-10-11 Thread Mr Yan
Ian Jackson wrote: > Furthermore, the SELinux patches I have seen in various applications > have given me an extremely poor impression of the code quality[1]. > This will probably extend to other areas of SELinux. > > I say, ditch SELinux. > > Ian. > > [1] Here's just one example, from src/archi

Re: Making SELinux standard for etch

2006-10-10 Thread Ian Jackson
Manoj Srivastava writes ("Making SELinux standard for etch"): > We are at a point where we can support a targeted SELinux > policy, at least in permissive mode. Everything seems to work for > me; I can fire up targeted SELinux UML's and only see a few harmles

Re: Making SELinux standard for etch

2006-10-08 Thread David Nusinow
On Fri, Oct 06, 2006 at 05:35:32PM -0500, Manoj Srivastava wrote: > As shipped, the Debian kernel images have SELinux compiled in, > but disabled, a command line parameter is required to turn SELinux > on. When SELinux is turned on (by enabling it in grub), the default > policy setting a

Re: Making SELinux standard for etch

2006-10-08 Thread James Westby
On (08/10/06 17:22), Uwe Hermann wrote: > Hi, > > On Sat, Oct 07, 2006 at 10:36:25PM +0100, James Westby wrote: > > If you have exim installed, you must either install postfix or write an > > exim policy, as none currently exists. > > > > Is this still the case? It seems that it would be odd

Re: Making SELinux standard for etch

2006-10-08 Thread Andreas Metzler
James Westby <[EMAIL PROTECTED]> wrote: [...] > If you have exim installed, you must either install postfix or write an > exim policy, as none currently exists. > Is this still the case? [...] Yes it is. #387327 #390179 Neither Marc nor me are using selinux and therefore we do not have the k

Re: Making SELinux standard for etch

2006-10-08 Thread Marco d'Itri
On Oct 07, Manoj Srivastava <[EMAIL PROTECTED]> wrote: > Realistically, most people do not use vacation, finger, and > sharutils either. I have no objections to demoting any of these. > Are we talking about disk usage? I am not sure > that the increase in disk usage is perceptible on a

Re: Making SELinux standard for etch

2006-10-08 Thread Uwe Hermann
Hi, On Sat, Oct 07, 2006 at 10:36:25PM +0100, James Westby wrote: > If you have exim installed, you must either install postfix or write an > exim policy, as none currently exists. > > Is this still the case? It seems that it would be odd to install it by > default if the default MTA is not

Re: Making SELinux standard for etch

2006-10-08 Thread Martin Wuertele
* Manoj Srivastava <[EMAIL PROTECTED]> [2006-10-07 00:42]: (...) > As per policy, I am raising a balloon about this issue; I think > if we ship vacation, finger, and sharutils, we can also ship > mandatory access controls in the standard distribution :) > > As shipped, the Debian

Re: Making SELinux standard for etch

2006-10-07 Thread James Westby
On (06/10/06 17:35), Manoj Srivastava wrote: > Hi, > > We are at a point where we can support a targeted SELinux > policy, at least in permissive mode. Everything seems to work for > me; I can fire up targeted SELinux UML's and only see a few harmless > log messages. > Hi, I am inte

Re: Making SELinux standard for etch

2006-10-07 Thread Russ Allbery
Andreas Barth <[EMAIL PROTECTED]> writes: > If people think finger and sharutils are not important enough anymore to > still be standard, we can still fix that. I think finger at least should be downgraded to optional at this point. How many people still run a finger server? Stanford has one, I

Re: Making SELinux standard for etch

2006-10-07 Thread Greg Norris
On Fri, Oct 06, 2006 at 05:35:32PM -0500, Manoj Srivastava wrote: > As per policy, I am raising a balloon about this issue; I think > if we ship vacation, finger, and sharutils, we can also ship > mandatory access controls in the standard distribution :) This would make me very happy! :)

Re: Making SELinux standard for etch

2006-10-07 Thread Osamu Aoki
On Fri, Oct 06, 2006 at 07:33:40PM -0500, Manoj Srivastava wrote: > On Sat, 7 Oct 2006 01:04:50 +0200, Marco d'Itri <[EMAIL PROTECTED]> said: > > > On Oct 07, Manoj Srivastava <[EMAIL PROTECTED]> wrote: > >> The size of the .debs for targeted policy is 2185702 Bytes, and > >> adds seven packages

Re: Making SELinux standard for etch

2006-10-07 Thread Manoj Srivastava
On Sat, 7 Oct 2006 15:29:43 +0200, Christian Perrier <[EMAIL PROTECTED]> said: > Quoting Christian Perrier ([EMAIL PROTECTED]): >> Supported by shadow maintainers. If you think they're needed, >> they'll be here (I doubt it would be hard to convince release >> managers to make a freeze exception

Re: Making SELinux standard for etch

2006-10-07 Thread Steve McIntyre
Manoj wrote: > >As per policy, I am raising a balloon about this issue; I think > if we ship vacation, finger, and sharutils, we can also ship > mandatory access controls in the standard distribution :) Sounds like a good plan to me... -- Steve McIntyre, Cambridge, UK.

Re: Making SELinux standard for etch

2006-10-07 Thread Andreas Barth
Hi, * Manoj Srivastava ([EMAIL PROTECTED]) [061007 00:41]: > I brought this over on the debian-installer mailing list, and > suggested that we ship SELinux installed, but turned off by default; > and a README or a short shell script for the local administrator to > enable SELinux. Our s

Re: Making SELinux standard for etch

2006-10-07 Thread Christian Perrier
Quoting Christian Perrier ([EMAIL PROTECTED]): > Supported by shadow maintainers. If you think they're needed, they'll > be here (I doubt it would be hard to convince release managers to make > a freeze exception for this). I was of course meaning "if you think that changes to what's already the

Re: Making SELinux standard for etch

2006-10-07 Thread Uwe Hermann
Hi, On Fri, Oct 06, 2006 at 07:27:50PM -0500, Manoj Srivastava wrote: > It is easier to turn on something that is already installed; Full ACK. We want to make it as easy as possible for Debian users to profit from the added security features they gain from SELinux. IMHO. > we can add c

Re: Making SELinux standard for etch

2006-10-07 Thread Jose Carlos Garcia Sogo
On Sat, 07-10-2006 at 01:04 +0200, Marco d'Itri wrote: > On Oct 07, Manoj Srivastava <[EMAIL PROTECTED]> wrote: > > > The size of the .debs for targeted policy is 2185702 Bytes, > > and adds seven packages to the standard install. No special > While I like much the idea of having s

Re: Making SELinux standard for etch

2006-10-07 Thread Ron Johnson
On 10/06/06 18:56, Hendrik Sattler wrote: > On Saturday 07 October 2006 00:35, Manoj Srivastava wrote: [snip] > Well, most users have enough to find out what groups they must be in for > fully > working desktop (>= 8). How many will use _any_ SELinux

Re: Making SELinux standard for etch

2006-10-06 Thread Christian Perrier
> It is easier to turn on something that is already installed; > we can add commented out lines to /etc/pam.d/login, for example, and > tell people to just uncomment the commented lines in place. Supported by shadow maintainers. If you think they're needed, they'll be here (I doubt it

Re: Making SELinux standard for etch

2006-10-06 Thread Manoj Srivastava
On Sat, 7 Oct 2006 01:04:50 +0200, Marco d'Itri <[EMAIL PROTECTED]> said: > On Oct 07, Manoj Srivastava <[EMAIL PROTECTED]> wrote: >> The size of the .debs for targeted policy is 2185702 Bytes, and >> adds seven packages to the standard install. No special > While I like much the idea of having

Re: Making SELinux standard for etch

2006-10-06 Thread Manoj Srivastava
On Sat, 7 Oct 2006 01:56:53 +0200, Hendrik Sattler <[EMAIL PROTECTED]> said: > On Saturday 07 October 2006 00:35, Manoj Srivastava wrote: >> We are at a point where we can support a targeted SELinux policy, >> at least in permissive mode. Everything seems to work for me; I >> can fire up targe

Re: Making SELinux standard for etch

2006-10-06 Thread Hendrik Sattler
On Saturday 07 October 2006 00:35, Manoj Srivastava wrote: > We are at a point where we can support a targeted SELinux > policy, at least in permissive mode. Everything seems to work for > me; I can fire up targeted SELinux UML's and only see a few harmless > log messages. What do those look

Re: Making SELinux standard for etch

2006-10-06 Thread Stephen Gran
This one time, at band camp, Manoj Srivastava said: > As per policy, I am raising a balloon about this issue; I think > if we ship vacation, finger, and sharutils, we can also ship > mandatory access controls in the standard distribution :) I say go ahead, FWIW. -- --

Re: Making SELinux standard for etch

2006-10-06 Thread Marco d'Itri
On Oct 07, Manoj Srivastava <[EMAIL PROTECTED]> wrote: > The size of the .debs for targeted policy is 2185702 Bytes, > and adds seven packages to the standard install. No special While I like much the idea of having solid and easy to deploy selinux-related packages, I object to installin

Making SELinux standard for etch

2006-10-06 Thread Manoj Srivastava
Hi, We are at a point where we can support a targeted SELinux policy, at least in permissive mode. Everything seems to work for me; I can fire up targeted SELinux UML's and only see a few harmless log messages. I brought this over on the debian-installer mailing list, and sug