Re: SE Linux packages

On Thu, Oct 18, 2007 at 10:49:10PM -0300, Felipe Sateler wrote:
> Steve Langasek wrote:

> > What I'm missing from your mail and blog entry is an explanation of why
> > the existing packages in etch don't do the job for letting users run with
> > strict policy.  Is the "semanage user -m" bug the only problem, or are there
> > others?

> Apparently there's at least the executable stack problem:

> http://etbe.coker.com.au/2007/10/10/lintian-and-executable-stacks/
> http://etbe.coker.com.au/2007/10/07/executable-stack-and-shared-objects/

Well, the number of shared libs with this problem is fairly small; indeed,
SELinux is not the first kernel security patch to object to them.  So that
doesn't prevent running an etch system with strict policy, it just prevents
a fairly small number of apps from working under strict policy.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/
