Re: Should selinux be standard?
On Tuesday 16 September 2008 22:45, Julien Cristau <email@example.com>
> On Tue, Sep 16, 2008 at 14:12:13 +0200, Josselin Mouette wrote:
> > Le dimanche 14 septembre 2008 à 21:32 +1000, Russell Coker a écrit :
> > > For a typical desktop system (such as my EeePC) a default installation
> > > of SE Linux in Lenny works for most things.
> > What do you mean by "most things"? What is not working?
> I just tried booting with selinux=1 on my laptop. I see errors from mpd
> related to /usr/lib/libtheora.so.0.3.3,
On i386 architecture the Lenny package is built with text relocations, this
reduces the security in all operations but can enable a performance increase
in some situations. My Lenny SE Linux repository has packages to fix that.
> from xdm starting my X session,
Were you running version 1:1.1.8-4?
> from sudo reading /etc/resolv.conf, from dmesg reading the system log,
> from ssh-add connecting to the ssh agent socket,
What was the context of your shell?
> from dhclient3 reading
> /proc/net, creating a socket and doing anything with it, then some more
> errors from bind startup, postfix startup,
Was Postfix configured not to chroot?
> mutt, gpgkeys_hkp (apparently
> it's not allowed to connect to 11371/tcp, firefox, or gconfd-2. Uptime
> is about 20 minutes, and dmesg|grep -c 'avc: denied' returns 73.
> Looks like it's not ready for prime time to me.
Can you file bug reports with AVC messages?
http://etbe.coker.com.au/ My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development