[redhat-lspp] LSPP kickstart config v0.64 released
Klaus Weidner
klaus at atsec.com
Thu May 17 16:17:11 UTC 2007
Hello all,
some minor bugfixes.
Changes after 0.60 to 0.64:
capp-lspp-config: don't restrict consoletype binary in CAPP mode
rbac-self-test: fix policy restrictions on execution environment
Date: Wed, 16 May 2007 19:52:02 -0400
Subject: [redhat-lspp] rbac-self-test patches
From: Matt Anderson <mra at hp.com>
To: redhat-lspp at redhat.com
From running the rbac-self-test on different systems, and
with a slightly different procedure I ran into some issues.
Thanks to help from George and Klaus they were resolved. The
main difference was I had been ssh'ing into the system as a
user and using su to become root. This caused two problems;
sysadm_devpts_t instead of sysadm_tty_t and my SElinux user
was staff_u instead of root. Here are the patches that I
needed in order to get things working for me.
rbac-self-test: make it usable when logged in via ssh+su, not only local root
From: Matt Anderson <mra at hp.com>
Attached is the patch I came up with for the self test. This
makes use of the selinux.getcon() call to ensure that only
the type and possibly level are being changed during a
self.runcon() call.
This makes the rbac-self-test run from either staff_u or
(SELinux user) root so we won't need to require a root login
on the console to run the self test.
packages: Update kernel to lspp.81
Please get the packages the script requests in the postinstall phase from
the http://people.redhat.com/sgrubb/files/lspp/ repository.
Git repository:
http://klaus.vh.swiftco.net/lspp/git/
I'm not currently building RPMs, if you are unable to use the "make-rpm"
script to build your own from the git repository and really need them
please let me know. I've deleted the old RPMs to avoid confusion.
-Klaus
More information about the redhat-lspp
mailing list