On 19.03.2014 20:16, Ary Kleinerman wrote:
>> There's not really much magic going on. Are you aware of:
>>
>> /etc/systemd/system
>>
>> This contains symlinks that do already pretty much what you describe, and
>> this is systemd's native configuration.
>>
> Paul,
> Don't forget
> /run/systemd
On 26.03.2014 23:13, Gesh wrote:
> Thanks for the pointers.
> If I understand what's going on correctly, units specify in their [Install]
> section whether, when they're enabled, they should be pulled in by other
> units.
> Those symlinks usually populate the appropriate directory under
> /etc
Hello,
2014-03-26 20:18 GMT+01:00 Leonid Isaev :
>
> On Wed, 26 Mar 2014 19:56:26 +0100
> Thomas Bächler wrote:
>
> > Hello all,
> >
> > it won't be too long until 3.14 is out and I want to address a topic
> > that has been bugging me for a while. Our kernel includes everything and
> > the kitchen
I think what Nicolas says is a good idea. I realise that Arch is not really
a security-focused distro, but having to not recompile the kernel on my
laptop after every upgrade with SELinux enabled is a pretty awesome thing.
I realise that this is not really relevant to most Archers, but with Siosm
w
On March 27, 2014 9:25:24 AM GMT+02:00, "Thomas Bächler"
wrote:
>On 26.03.2014 23:13, Gesh wrote:
>> Thanks for the pointers.
>> If I understand what's going on correctly, units specify in their
>> [Install] section whether, when they're enabled, they should be pulled
>> in by other units.
>> Those
On 27.03.2014 09:41, Gesh wrote:
> Basically, if I understood what happens correctly, the units under
> /etc/systemd/system/*.wants/ - or their targets, if they're symlinks -
> replace their corresponding units in the dependency graph.
Not exactly.
When you place a unit in foo.wants, then foo
On Thursday 27 Mar 2014 09:07:23 Nicolas Iooss wrote:
> c) Create a package ("linux-src"?) which install the kernel sources
> and provides an easy way to customize the config before making the packages
> (with pkgbuild). Currently linux-grsec AUR package provides this feature by
> using the MENUCON
On March 27, 2014 11:20:04 AM GMT+02:00, "Thomas Bächler"
wrote:
>On 27.03.2014 09:41, Gesh wrote:
>> Basically, if I understood what happens correctly, the units under
>> /etc/systemd/system/*.wants/ - or their targets, if they're symlinks -
>> replace their corresponding units in the dependency g
On 27.03.2014 13:26, Gesh wrote:
> But what if bar.unit Wants=foo.unit and I add a custom foo.unit to
> bar.unit.wants/ ? Will both be run? Will the custom foo.unit replace the
> built-in?
I don't know what happens if you try, but there can only be one unit of
the same name.
On 27.03.2014 09:07, Nicolas Iooss wrote:
>>> I agree regarding SELinux/Apparmor (it's not only userspace tools, but also
>> sane application policies that are missing).
>
> I strongly disagree with removing LSM from the packaged kernel. I'm
> currently using SELinux with AUR packages [1] (which
On 27.03.2014 13:46, Thomas Bächler wrote:
> Do you even know what that means? If I see this right, every time
> the kernel needs to do some permission check, it needs to ask "are
> we using LSM xyz?". In any case, it's more code and thus more ro
On 27.03.2014 15:24, Simon Brand wrote:
> On 27.03.2014 13:46, Thomas Bächler wrote:
>> Do you even know what that means? If I see this right, every time
>> the kernel needs to do some permission check, it needs to ask "are
>> we using LSM xyz?". In any case, it's more code and thus more room
>
On Wednesday 26 March 2014, at 19:56:26, Thomas Bächler wrote:
> I want to trim our kernel down to what we actually support.
> 1) Once we agreed to disable one LSM, everyone else said "we can enable
> LSM XYZ, too". And so we did. Right now, we enable SELinux, SMACK,
> Tomoyo, AppArmor a
On Thu, Mar 27, 2014 at 09:07:23AM +0100, Nicolas Iooss wrote:
>
> Here are three arguments to motivate my disagreement.
>
> * First, removing LSM support makes it difficult for users to test
> LSM. Before 3.13 kernel, users needed to recompile their kernel (or to
> install linux-selinux AUR pack
On Wed, 26 Mar 2014 22:17:25 +0100
Thomas Bächler wrote:
> On 26.03.2014 21:31, Leonid Isaev wrote:
> > On Wed, 26 Mar 2014 21:00:15 +0100
> > Thomas Bächler wrote:
> >
> >> On 26.03.2014 20:18, Leonid Isaev wrote:
> >>> However, I don't think that Yama requires any userspace components, do
On 2014-03-25 15:59, arch-general-requ...@archlinux.org wrote:
--
Message: 1
Date: Mon, 24 Mar 2014 22:49:06 +0100
From: Jakub Klinkovský
Subject: Re: [arch-general] graphical display management
Interestingly, 'su a' results
On Thursday 27 Mar 2014 16:45:35 message wrote:
> On 2014-03-25 15:59, arch-general-requ...@archlinux.org wrote:
> >
--
> >
> > Message: 1
> > Date: Mon, 24 Mar 2014 22:49:06 +0100
> > From: Jakub Klinkovský
> > Subject: Re: [ar
On Thursday, March 27, 2014 04:45:24 PM Arthur Țițeică wrote:
> My opinion on this is that the kernel should be the ground on which
> userspace should always work.
>
> Features should be taken out with bug reports demonstrating breakage in
> general usage, slowdowns or security risks.
>
> Anothe
On 2014-03-25 15:59, arch-general-requ...@archlinux.org wrote:
--
Message: 2
Date: Tue, 25 Mar 2014 00:15:27 +0100
From: Guus Snijders
Subject: Re: [arch-general] graphical display management
Ok. Could you try resetting the password for user a?
You could do this (a
On 27 Mar 2014 18:21, "message" wrote the following:
>
> On 2014-03-25 15:59, arch-general-requ...@archlinux.org wrote:
>>
>> --
>>
>> Message: 2
>> Date: Tue, 25 Mar 2014 00:15:27 +0100
>> From: Guus Snijders
>>
>> Subject: Re: [arch-general] graphical display manage
TL;DR: this is a technical answer which can be seen as slightly
off-topic as it focuses only on SELinux and not much about kernel config
trimming.
2014-03-27 13:46 GMT+01:00 Thomas Bächler :
> On 27.03.2014 09:07, Nicolas Iooss wrote:
I agree regarding SELinux/Apparmor (it's not only userspac
2014-03-27 16:31 GMT+01:00 Bigby James :
> On Thu, Mar 27, 2014 at 09:07:23AM +0100, Nicolas Iooss wrote:
>>
>> Here are three arguments to motivate my disagreement.
>>
>> * First, removing LSM support makes it difficult for users to test
>> LSM. Before 3.13 kernel, users needed to recompile their
I am a complete noob and only follow the lists out of interest. I am
also very young, so please forgive my impertinence. Thanks Thomas for
your work!! Just my 2c:
On 03/27/2014 08:34 PM, Nicolas Iooss wrote:
> 2014-03-27 16:31 GMT+01:00 Bigby James :
>> On Thu, Mar 27, 2014 at 09:07:23AM +0100, Ni
On 27.03.2014 21:59, Bennett Piater wrote:
> I am a complete noob and only follow the lists out of interest.
First lesson which also applies to a bunch of other people in this
thread: only quote what you need. 129 lines of quoted text before your
reply is bad.
On Thu, Mar 27, 2014 at 5:46 AM, Thomas Bächler
>The fact that these LSMs must be compiled into the kernel and cannot be built
>as modules tells you something important: These options change the behaviour
>of the kernel at its core.
I was under the impression that this was a security feature to
On 03/27/2014 10:06 PM, Florian Pritz wrote:
> On 27.03.2014 21:59, Bennett Piater wrote:
> First lesson which also applies to a bunch of other people in this
> thread: only quote what you need. 129 lines of quoted text before your
> reply is bad.
Thanks for the tip, I'll remember it. :)
On Wed, Mar 26, 2014 at 11:54:29AM -0600, Squall Lionheart wrote:
> On Tue, Mar 25, 2014 at 4:55 PM, Magnus Therning wrote:
>
> > I'm just starting to dip my toes in the mono waters. Slightly
> > prompted by my current situation at work. In particular I'm
> > interested in F#, but I'm finding th
On Thu, Mar 27, 2014 at 10:11 AM, Kevin Ott
> This seems like it doesn't exactly fit with the Arch Way though. Arch is
> supposed to be simple and minimal. Why should the default be "add all
> the features" for a distribution that is partially based on being minimal
> and lightweight?
>
> I guess I
On Thu, Mar 27, 2014 at 2:19 PM, Peter Baldridge
wrote:
>
> I thought part of 'minimal' meant that the packages were as stock as
> possible. I was under the impression that we shipped minimally
> altered packages and it was up to the administrator to perfect each
> package to her liking.
The k
On Thursday, March 27, 2014 02:19:28 PM Peter Baldridge wrote:
> I thought part of 'minimal' meant that the packages were as stock as
> possible. I was under the impression that we shipped minimally
> altered packages and it was up to the administrator to perfect each
> package to her liking.
>
>
On 27.03.2014 20:33, Nicolas Iooss wrote:
> TL;DR: this is a technical answer which can be seen as slightly
> off-topic as it focuses only on SELinux and not much about kernel config
> trimming.
Very interesting, thanks for looking into it deeper. I'll leave most of
this uncommented.
> This does
On Tue, Mar 25, 2014 at 5:26 PM, Karol Babioch wrote:
> Hi,
>
> now that GNOME 3.12 has been released and probably will hit the repos in
> the next couple of days/weeks, I'm wondering what the current status of
> "Software" is [1]? This is an application similar to an app store in the
> mobile wor
On 27 March 2014 21:34, Kevin Ott wrote:
> I'm pretty sure your summary is accurate. However, these are things done in
> a configuration file when building the kernel. There isn't really a "default".
There is -- download the kernel sources and run "make defconfig".
It'll start with the current de