Re: SE Linux packages

To: debian-devel@lists.debian.org
Subject: Re: SE Linux packages
From: Steve Langasek <vorlon@debian.org>
Date: Fri, 19 Oct 2007 23:38:34 -0700
Message-id: <[🔎] 20071020063834.GD6957@dario.dodds.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] ff92gh$1k8$1@ger.gmane.org>
References: <[🔎] 200710190926.20301.russell@coker.com.au> <[🔎] 20071019012922.GC27830@dario.dodds.net> <[🔎] ff92gh$1k8$1@ger.gmane.org>

On Thu, Oct 18, 2007 at 10:49:10PM -0300, Felipe Sateler wrote:
> Steve Langasek wrote:

> > What I'm missing from your mail and blog entry is an explanation of why
> > the existing packages in etch don't do the job for letting users run with
> > strict
> > policy.  Is the "semanage user -m" bug the only problem, or are there
> > others?

> Apparently there's at least the executable stack problem:

> http://etbe.coker.com.au/2007/10/10/lintian-and-executable-stacks/
> http://etbe.coker.com.au/2007/10/07/executable-stack-and-shared-objects/

Well, the number of shared libs with this problem is fairly small; indeed,
SELinux is not the first kernel security patch to object to them.  So that
doesn't prevent running an etch system with strict policy, it just prevents
a fairly small number of apps from working under strict policy.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/

Reply to:

References:
- SE Linux packages
  - From: Russell Coker <russell@coker.com.au>
- Re: SE Linux packages
  - From: Steve Langasek <vorlon@debian.org>
- Re: SE Linux packages
  - From: Felipe Sateler <fsateler@gmail.com>

Prev by Date: Re: Enabling and installing of "risky" ("patented") codecs - madeeasy
Next by Date: use of "Uploaders:" field for team maintained packages
Previous by thread: Re: SE Linux packages
Next by thread: Work-needing packages report for Oct 19, 2007
Index(es):
- Date
- Thread