I'm running the Beta Server 20061006.2 + updates.img + lspp.52 with MLS in enforcing mode on ppc64. I installed with netboot using the kickstart incarnation available last week. There was a problem with the relabel before reboot, which looks like a base policy problem. I had to boot with enforcing=0 initially to avoid init panicking the system. Once the filesystem was relabeled, I rebooted in enforcing without problems. I can even log in, both console and ssh, in enforcing mode.
Thanks,
George Wilson
IBM LTC Security Development
Klaus Weidner <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 10/14/06 21:22
Here's a new version of the kickstart script that fixes some bugs in the
previous version. Unfortunately, when used with the latest RHEL5 beta,
it's still not possible to log in in enforcing mode, and no login at all
via ssh even in nonenforcing mode. Audit and other logs aren't
particularly helpful. At least it boots in enforcing mode now, which I
guess is progress...
Has anyone managed to use the RHEL5-Server-20061006.2 version (plus the
updates floppy) in MLS enforcing mode successfully?
Changes:

local policy:
  Allow run_init_t to write faillog files

KS postinstall script:
  Use numeric MLS labels when creating users, disable old workarounds:
  - Label translation doesn't work during the kickstart postinstall.
    Use s0-s15:c0.c1023 instead of SystemLow-SystemHigh.
    (Starting /etc/init.d/mcstrans didn't help, it hangs when
    translating labels.)
  - Remove the workaround that used a shell script to set MALLOC_CHECK_=0
    for /sbin/init. It's not necessary for the current code.
  - Don't delete various 32bit packages on x86_64, just be resigned to having
    a bunch of unwanted and unused code on the system instead.

RPM download:
http://klaus.vh.swiftco.net/lspp/SRPMS/
http://klaus.vh.swiftco.net/lspp/RPMS/noarch/
Git repository:
http://klaus.vh.swiftco.net/lspp/git/
-Klaus
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp

