[redhat-lspp] LSPP kickstart config v0.8 released

George Wilson gcwilson at us.ibm.com
Sun Oct 15 22:51:51 UTC 2006






I'm running the Beta Server 20061006.2 + updates.img + lspp.52 with MLS in
enforcing mode on ppc64.  I installed with netboot using the kickstart
incarnation available last week.  There was a problem with the relabel
before reboot, which looks like a base policy problem.  I had to boot with
enforcing=0 initially to avoid init panicking the system.  Once the
filesystem was relabeled, I rebooted in enforcing without problems.  I can
even login, both console and ssh, in enforcing mode.

Thanks,
George Wilson
IBM LTC Security Development


                                                                           
             Klaus Weidner                                                 
             <klaus at atsec.com>                                             
             Sent by:                                                   To 
             redhat-lspp-bounc         redhat-lspp at redhat.com              
             es at redhat.com                                              cc 
                                                                           
                                                                   Subject 
             10/14/06 21:22            [redhat-lspp] LSPP kickstart config 
                                       v0.8 released                       
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




Here's a new version of the kickstart script that fixes some bugs in the
previous version. Unfortunately, when used with the latest RHEL5 beta,
it's still not possible to log in in enforcing mode, and no login at all
via ssh even in nonenforcing mode. Audit and other logs aren't
particularily helpful. At least it boots in enforcing mode now, which I
guess is progress...

Has anyone managed to use the RHEL5-Server-20061006.2 version (plus the
updates floppy) in MLS enforcing mode successfully?

Changes:

  local policy:
    Allow run_init_t to write faillog files

  KS postinstall script:
    Use numeric MLS labels when creating users, disable old workarounds:

    - Label translation doesn't work during the kickstart postinstall.
      Use s0-s15:c0.c1023 instead of SystemLow-SystemHigh instead.
      (Starting /etc/init.d/mcstrans didn't help, it hangs when
      translating labels.)

    - Remove the workaround that used a shell script to set MALLOC_CHECK_=0
      for /sbin/init. It's not necessary for the current code.

    - Don't delete various 32bit packages on x86_64, just be resigned to
having
      a bunch of unwanted and unused code on the system instead.

RPM download:

   http://klaus.vh.swiftco.net/lspp/SRPMS/
   http://klaus.vh.swiftco.net/lspp/RPMS/noarch/

Git repository:

   http://klaus.vh.swiftco.net/lspp/git/

-Klaus

--
redhat-lspp mailing list
redhat-lspp at redhat.com
https://www.redhat.com/mailman/listinfo/redhat-lspp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20061015/0512e732/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20061015/0512e732/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic22564.gif
Type: image/gif
Size: 1255 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20061015/0512e732/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecblank.gif
Type: image/gif
Size: 45 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20061015/0512e732/attachment-0002.gif>


More information about the redhat-lspp mailing list