[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Should selinux be standard?

On Tuesday 16 September 2008 22:45, Julien Cristau <jcristau@debian.org> 
> On Tue, Sep 16, 2008 at 14:12:13 +0200, Josselin Mouette wrote:
> > Le dimanche 14 septembre 2008 à 21:32 +1000, Russell Coker a écrit :
> > > For a typical desktop system (such as my EeePC) a default installation
> > > of SE Linux in Lenny works for most things.
> >
> > What do you mean by "most things"? What is not working?
> I just tried booting with selinux=1 on my laptop.  I see errors from mpd
> related to /usr/lib/libtheora.so.0.3.3,

On i386 architecture the Lenny package is built with text relocations, this 
reduces the security in all operations but can enable a performance increase 
in some situations.  My Lenny SE Linux repository has packages to fix that.

> from xdm starting my X session, 

Were you running version 1:1.1.8-4?

> from sudo reading /etc/resolv.conf, from dmesg reading the system log,
> from ssh-add connecting to the ssh agent socket,

What was the context of your shell?

> from dhclient3 reading 
> /proc/net, creating a socket and doing anything with it, then some more
> errors from bind startup, postfix startup,

Was Postfix configured not to chroot?

> mutt, gpgkeys_hkp (apparently 
> it's not allowed to connect to 11371/tcp, firefox, or gconfd-2.  Uptime
> is about 20 minutes, and dmesg|grep -c 'avc:  denied' returns 73.
> Looks like it's not ready for prime time to me.

Can you file bug reports with AVC messages?

http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development

Reply to: