Hello all,
some minor bugfixes.
Changes after 0.60 to 0.64:
capp-lspp-config: don't restrict consoletype binary in CAPP mode
rbac-self-test: fix policy restrictions on execution environment
Date: Wed, 16 May 2007 19:52:02 -0400
Subject: [redhat-lspp] rbac-self-test patches
From: Matt Anderson <[EMAIL PROTECTED]>
To: [email protected]
From running the rbac-self-test on different systems, and
with a slightly different procedure I ran into some issues.
Thanks to help from George and Klaus they were resolved. The
main difference was I had been ssh'ing into the system as a
user and using su to become root. This caused two problems;
sysadm_devpts_t instead of sysadm_tty_t and my SElinux user
was staff_u instead of root. Here are the patches that I
needed in order to get things working for me.
rbac-self-test: make it usable when logged in via ssh+su, not only local
root
From: Matt Anderson <[EMAIL PROTECTED]>
Attached is the patch I came up with for the self test. This
makes use of the selinux.getcon() call to ensure that only
the type and possibly level are being changed during a
self.runcon() call.
This makes the rbac-self-test run from either staff_u or
(SELinux user) root so we won't need to require a root login
on the console to run the self test.
packages: Update kernel to lspp.81
Please get the packages the script requests in the postinstall phase from
the http://people.redhat.com/sgrubb/files/lspp/ repository.
Git repository:
http://klaus.vh.swiftco.net/lspp/git/
I'm not currently building RPMs, if you are unable to use the "make-rpm"
script to build your own from the git repository and really need them
please let me know. I've deleted the old RPMs to avoid confusion.
-Klaus
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
