[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the release team: the plans for etch

On Fri, 21 Oct 2005 07:05:29 +0200, Christian Perrier <bubulle@debian.org> said: 

> (CC in case you don't follow -devel that closely given your current
> situation, Manoj. Please accept my apologies in advance if you
> do...)

>> At this point, most of the major packages that have to be modified
>> to enable a bare SELinux Debian system are in place, with coreutils
>> being the last holdout.

> Myself and other shadow package maintainers were wondering whether
> we have to compile shadow utilities (login, su, passwd...) with
> SELinux support.

> One of my co-maintainers said me we shouldn't because libselinux1 is
> not in the base system...which seems untrue..:-) (or I misunderstood
> him which is also likely)

> So, I guess we could, indeed...anyway I bet you'll ask us to do so
> at some moment, won't you?

        Oh, that's not needed. SElinux uses PAM to mediate access to
 the password (there is a SELinux PAM module now). So, people who want
 to enable SELinux on their machine have to do something like so:

,----[ Add SELinux capability to the system ]
| if ! grep pam_selinux.so /etc/pam.d/login >& /dev/null; then
|     echo "" >> /etc/pam.d/login
|     echo "session required pam_selinux.so multiple" >> /etc/pam.d/login
|     echo "" >> /etc/pam.d/login
| fi

        Thanks for asking, though.

ps: an MRI rapidly palls after the first 20 minutes or so
pps: I also happen to agree with DK below
A person who is more than casually interested in computers should be
well schooled in machine language, since it is a fundamental part of a
computer.  -- Donald Knuth
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to: