LISTSERV - SCIENTIFIC-LINUX-DEVEL Archives

SCIENTIFIC-LINUX-DEVEL Archives

November 2005

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-DEVEL Home
	SCIENTIFIC-LINUX-DEVEL November 2005

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Scientific Linux Release Candidate 1 for 4.2 for i386
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Tue, 15 Nov 2005 10:00:59 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (69 lines)

Hi Stephan,
I was thinking this was a CERN se policy change and wasn't worrying 
about it too much (although it's nice to have those things in a rpm 
package for examples of how to do it.)

The actual concern I have is whether this is going to affect the generic 
S.L., and if it is, what is the correct way to fix it.

Troy

Stephan Wiesand wrote:
> Works for me (updating the packages in %post during installation).
> The policy changes are similar to something I'd tried successfully before.
> I still get a warning when moving a file from AFS into /tmp (not in the 
> other direction, this now works).
> 
> Having these changes in 4.2 would be good.
> 
> NB when compared to CIFS:
> 
>   type cifs_t, fs_type, root_dir_type, noexattrfile, sysadmfile;
>   type afs_t, fs_type, root_dir_type, noexattrfile;
> 
> Did I get it right that this will only make a difference under the 
> strict policy? I have to learn more about SELinux...
> 
> Thanks a lot for the packages,
>     Stephan
> 
> On Fri, 11 Nov 2005, Jan Iven wrote:
> 
>> On Fri, 2005-11-11 at 15:29 +0100, Stephan Wiesand wrote:
>>
>>> Hallo Jan,
>>>
>>>> We are currently testing patched policy files, you may want to
>>>> incorporate these.
>>>
>>>
>>> Would you make those available?
>>
>>
>> http://linuxsoft.cern.ch/cern/slc4X/updates/testing/i386/RPMS/policycoreutils-1.18.1-4.7.cern.i386.rpm 
>>
>> http://linuxsoft.cern.ch/cern/slc4X/updates/testing/i386/RPMS/selinux-policy-targeted-1.17.30-2.110.cern2.noarch.rpm 
>>
>> http://linuxsoft.cern.ch/cern/slc4X/updates/testing/i386/RPMS/selinux-policy-targeted-sources-1.17.30-2.110.cern2.noarch.rpm 
>>
>>
>> http://linuxsoft.cern.ch/cern/slc4X/updates/testing/i386/SRPMS/policycoreutils-1.18.1-4.7.cern.src.rpm 
>>
>> http://linuxsoft.cern.ch/cern/slc4X/updates/testing/i386/SRPMS/selinux-policy-targeted-1.17.30-2.110.cern2.src.rpm 
>>
>>
>> we have proposed the (minimal, just a new fs_type and some safeguards in
>> the scripts) patches to Red Hat who hopefully will take them.
>>
>> Best regards
>> jan
>>
> 


-- 
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/CSS  CSI Group
__________________________________________________

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV