[redhat-lspp] LSPP kickstart config v0.64 released

Klaus Weidner klaus at atsec.com
Thu May 17 16:17:11 UTC 2007


Hello all,

some minor bugfixes.

Changes after 0.60 to 0.64:

    capp-lspp-config: don't restrict consoletype binary in CAPP mode

    rbac-self-test: fix policy restrictions on execution environment
    
	    Date: Wed, 16 May 2007 19:52:02 -0400
	    Subject: [redhat-lspp] rbac-self-test patches
	    From: Matt Anderson <mra at hp.com>
	    To: redhat-lspp at redhat.com

	    From running the rbac-self-test on different systems, and
	    with a slightly different procedure I ran into some issues.
	    Thanks to help from George and Klaus they were resolved.  The
	    main difference was I had been ssh'ing into the system as a
	    user and using su to become root.  This caused two problems;
	    sysadm_devpts_t instead of sysadm_tty_t and my SElinux user
	    was staff_u instead of root.  Here are the patches that I
	    needed in order to get things working for me.

    rbac-self-test: make it usable when logged in via ssh+su, not only local root
    
	    From: Matt Anderson <mra at hp.com>

	    Attached is the patch I came up with for the self test.  This
	    makes use of the selinux.getcon() call to ensure that only
	    the type and possibly level are being changed during a
	    self.runcon() call.

	    This makes the rbac-self-test run from either staff_u or
	    (SELinux user) root so we won't need to require a root login
	    on the console to run the self test.

    packages: Update kernel to lspp.81

Please get the packages the script requests in the postinstall phase from
the http://people.redhat.com/sgrubb/files/lspp/ repository.

Git repository:

   http://klaus.vh.swiftco.net/lspp/git/

I'm not currently building RPMs, if you are unable to use the "make-rpm"
script to build your own from the git repository and really need them
please let me know. I've deleted the old RPMs to avoid confusion.

-Klaus




More information about the redhat-lspp mailing list