Re: SE Linux packages
On Thu, Oct 18, 2007 at 10:49:10PM -0300, Felipe Sateler wrote:
> Steve Langasek wrote:
> > What I'm missing from your mail and blog entry is an explanation of why
> > the existing packages in etch don't do the job for letting users run with
> > strict
> > policy. Is the "semanage user -m" bug the only problem, or are there
> > others?
> Apparently there's at least the executable stack problem:
Well, the number of shared libs with this problem is fairly small; indeed,
SELinux is not the first kernel security patch to object to them. So that
doesn't prevent running an etch system with strict policy, it just prevents
a fairly small number of apps from working under strict policy.
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.