Kmail offline
Dmitriy Kropivnitskiy
nigde at mitechki.net
Fri Jan 26 18:33:50 UTC 2007
Gene Heskett wrote:
> And you obviously don't see the data security inherent in being able to
> take a copy of that backup to any machine in the world and recover it to
> localhost. The real amanda will recover only to the FQDN of the machine
> that backup was made on. Its compiled in becomes part of the backups
> preamble.
This seems to me more of a usability problem then a security feature. If I steal
the backup and need to restore it, I can set my local name resolution to resolve
to anything I want and restore it that way. On the other hand if my naming
convention changes or my domain name changes or I just need to restore some part
of the backup to a different location for whatever legitimate reason, I would
need to go through the cracker hoops to circumvent this so called "security"
feature.
> The real amanda's working pieces, like amdump, run only as an unprivileged
> user. The last time I looked at an rpm install, root could run it, all
> of it. Now admittedly that's been 3 or 4 years ago & maybe its been
> fixed in more recently available rpms.
I am talking about FC6. I am not talking "3 or 4 years ago". 4 years ago there
was no Fedora Linux for gods sake and I don't think ANY distributions (with the
exception of maybe NSA Secure Linux which was proof of concept that nobody ever
used) used selinux.
> Yes they do, and I spent an hour last night staring at the restorecon (and
> friends) pages without getting anything out of it as to how I was
> supposed to convert a bunch of fonts installed in the /root/.fonts dir,
Why are you trying to use fonts in /root/.fonts? Are you running your GUI
sessions as root? As it has ben said a lot of times YOU SHOULD NOT DO THAT AND
SELINUX IS ABSOLUTELY CORRECT IN NOT ALLOWING YOU TO.
> and change their 'ls --scontext' from root_t to system_t.
man chcon
> I don't think
> that's going to effect the errors when running fc-cache, but it was worth
> a try. I did delete a couple of 0 length font.cache and font.dir files
> that don't exist on my FC5 lappy, but that made no difference to the
Get yourself a recent version of Fedora. The current is FC6.
> Amazingly, printing, which was
> disabled by an error in findfonts for the last 2 days, has now begun to
> work again.
And this relates to the selinux in what manner?
> straceing fc-cache fails to disclose what 'cache' file it failed to write,
Yes it does. Look for failed open() stat() or write() calls.
> That was unsuccessful 4 years ago, after I had bought a cheap seimans
Why are you discussing 4 years ago? Are you living in the past? Do you think
therapy would help?
More information about the fedora-list
mailing list