[redhat-lspp] LSPP kickstart config v0.8 released
George Wilson
gcwilson at us.ibm.com
Sun Oct 15 22:51:51 UTC 2006
I'm running the Beta Server 20061006.2 + updates.img + lspp.52 with MLS in
enforcing mode on ppc64. I installed with netboot using the kickstart
incarnation available last week. There was a problem with the relabel
before reboot, which looks like a base policy problem. I had to boot with
enforcing=0 initially to avoid init panicking the system. Once the
filesystem was relabeled, I rebooted in enforcing without problems. I can
even login, both console and ssh, in enforcing mode.
Thanks,
George Wilson
IBM LTC Security Development
Klaus Weidner
<klaus at atsec.com>
Sent by: To
redhat-lspp-bounc redhat-lspp at redhat.com
es at redhat.com cc
Subject
10/14/06 21:22 [redhat-lspp] LSPP kickstart config
v0.8 released
Here's a new version of the kickstart script that fixes some bugs in the
previous version. Unfortunately, when used with the latest RHEL5 beta,
it's still not possible to log in in enforcing mode, and no login at all
via ssh even in nonenforcing mode. Audit and other logs aren't
particularily helpful. At least it boots in enforcing mode now, which I
guess is progress...
Has anyone managed to use the RHEL5-Server-20061006.2 version (plus the
updates floppy) in MLS enforcing mode successfully?
Changes:
local policy:
Allow run_init_t to write faillog files
KS postinstall script:
Use numeric MLS labels when creating users, disable old workarounds:
- Label translation doesn't work during the kickstart postinstall.
Use s0-s15:c0.c1023 instead of SystemLow-SystemHigh instead.
(Starting /etc/init.d/mcstrans didn't help, it hangs when
translating labels.)
- Remove the workaround that used a shell script to set MALLOC_CHECK_=0
for /sbin/init. It's not necessary for the current code.
- Don't delete various 32bit packages on x86_64, just be resigned to
having
a bunch of unwanted and unused code on the system instead.
RPM download:
http://klaus.vh.swiftco.net/lspp/SRPMS/
http://klaus.vh.swiftco.net/lspp/RPMS/noarch/
Git repository:
http://klaus.vh.swiftco.net/lspp/git/
-Klaus
--
redhat-lspp mailing list
redhat-lspp at redhat.com
https://www.redhat.com/mailman/listinfo/redhat-lspp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20061015/0512e732/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20061015/0512e732/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pic22564.gif
Type: image/gif
Size: 1255 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20061015/0512e732/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecblank.gif
Type: image/gif
Size: 45 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20061015/0512e732/attachment-0002.gif>
More information about the redhat-lspp
mailing list