[redhat-lspp] LSPP kickstart config v0.8 released
Klaus Weidner
klaus at atsec.com
Sun Oct 15 02:22:01 UTC 2006
Here's a new version of the kickstart script that fixes some bugs in the
previous version. Unfortunately, when used with the latest RHEL5 beta,
it's still not possible to log in in enforcing mode, and no login at all
via ssh even in nonenforcing mode. Audit and other logs aren't
particularily helpful. At least it boots in enforcing mode now, which I
guess is progress...
Has anyone managed to use the RHEL5-Server-20061006.2 version (plus the
updates floppy) in MLS enforcing mode successfully?
Changes:
local policy:
Allow run_init_t to write faillog files
KS postinstall script:
Use numeric MLS labels when creating users, disable old workarounds:
- Label translation doesn't work during the kickstart postinstall.
Use s0-s15:c0.c1023 instead of SystemLow-SystemHigh instead.
(Starting /etc/init.d/mcstrans didn't help, it hangs when
translating labels.)
- Remove the workaround that used a shell script to set MALLOC_CHECK_=0
for /sbin/init. It's not necessary for the current code.
- Don't delete various 32bit packages on x86_64, just be resigned to having
a bunch of unwanted and unused code on the system instead.
RPM download:
http://klaus.vh.swiftco.net/lspp/SRPMS/
http://klaus.vh.swiftco.net/lspp/RPMS/noarch/
Git repository:
http://klaus.vh.swiftco.net/lspp/git/
-Klaus
More information about the redhat-lspp
mailing list