On Tue, 02 Aug 2011 11:19:21 -0400
"Anthony G. Basile" wrote:
> Is rlpkg going behind the PM's back when it does selinux labelings?
Yup. Also, note that PMS has wording for selinux.
> I know there are difference, but if there's a screwup in some policy, it
> also leads to horribly screwed up sys
On 08/02/2011 11:05 AM, Ciaran McCreesh wrote:
>>> Please don't.
>> >
>> > Why would this be bad?
> Because going behind the package mangler's back results in horribly
> screwed up systems (as anyone who's ever used lafilefixer will tell
> you...).
Is rlpkg going behind the PM's back when it does
On Tue, Aug 2, 2011 at 11:05 AM, Anthony G. Basile wrote:
> On 08/02/2011 10:54 AM, Ciaran McCreesh wrote:
>>> > I was thinking something even dirtier, something outside of the PMS
>>> > altogether, along the lines of what one does when converting to a
>>> > selinux system where one relabels the e
On Tue, 02 Aug 2011 11:05:34 -0400
"Anthony G. Basile" wrote:
> On 08/02/2011 10:54 AM, Ciaran McCreesh wrote:
> >> > I was thinking something even dirtier, something outside of the
> >> > PMS altogether, along the lines of what one does when converting
> >> > to a selinux system where one relabel
On Tue, 02 Aug 2011 10:51:22 -0400
"Anthony G. Basile" wrote:
> On 08/02/2011 10:31 AM, Ciaran McCreesh wrote:
> > On Tue, 02 Aug 2011 10:28:58 -0400
> > "Anthony G. Basile" wrote:
> >> I prefer capsetting in the PMS itself, with a nice clean function
> >> which auto detects all the necessary co
On 08/02/2011 10:54 AM, Ciaran McCreesh wrote:
>> > I was thinking something even dirtier, something outside of the PMS
>> > altogether, along the lines of what one does when converting to a
>> > selinux system where one relabels the entire filesystem with rlpkg.
>> > So no, not something via pkg_p
On Tue, 02 Aug 2011 10:51:22 -0400
"Anthony G. Basile" wrote:
> > Would need a spec, along with a way of dealing with all the
> > problems: what happens if the build fs supports caps but the
> > install fs doesn't? What about if caps are supported on both but in
> > different ways (tmpfs on some k
On 08/02/2011 10:31 AM, Ciaran McCreesh wrote:
> On Tue, 02 Aug 2011 10:28:58 -0400
> "Anthony G. Basile" wrote:
>> I prefer capsetting in the PMS itself, with a nice clean function
>> which auto detects all the necessary conditions and transparently
>> preserves caps, as you suggest. Maybe this
On Tue, 02 Aug 2011 10:28:58 -0400
"Anthony G. Basile" wrote:
> I prefer capsetting in the PMS itself, with a nice clean function
> which auto detects all the necessary conditions and transparently
> preserves caps, as you suggest. Maybe this can be in EAPI=5.
Would need a spec, along with a way
On 08/02/2011 03:08 AM, Michał Górny wrote:
> On Sun, 31 Jul 2011 16:00:40 -0400
> "Anthony G. Basile" wrote:
>
>> On 07/31/2011 03:46 PM, Nirbheek Chauhan wrote:
>>> On Sun, Jul 31, 2011 at 8:13 PM, Anthony G. Basile
>>> wrote:
Hi everyone,
A couple of days ago, bonsaikitten (Pat
On Sun, 31 Jul 2011 16:00:40 -0400
"Anthony G. Basile" wrote:
> On 07/31/2011 03:46 PM, Nirbheek Chauhan wrote:
> > On Sun, Jul 31, 2011 at 8:13 PM, Anthony G. Basile
> > wrote:
> >> Hi everyone,
> >>
> >> A couple of days ago, bonsaikitten (Patrick), kerframil (Kerin
> >> Millar) and myself wer
On Sun, 31 Jul 2011 22:28:35 +0200
Michał Górny wrote:
> Will packages always explicitly set caps themselves or will sometimes
> upstream do that for us?
I've no doubt some upstreams will try... But userpriv should stop most
of the damage.
--
Ciaran McCreesh
signature.asc
Description: PGP sig
On Mon, 1 Aug 2011 01:16:21 +0530
Nirbheek Chauhan wrote:
> On Sun, Jul 31, 2011 at 8:13 PM, Anthony G. Basile
> wrote:
> > Hi everyone,
> >
> > A couple of days ago, bonsaikitten (Patrick), kerframil (Kerin
> > Millar) and myself were talking about other distros moving away
> > from setuid bina
On 07/31/2011 03:46 PM, Nirbheek Chauhan wrote:
> On Sun, Jul 31, 2011 at 8:13 PM, Anthony G. Basile
> wrote:
>> Hi everyone,
>>
>> A couple of days ago, bonsaikitten (Patrick), kerframil (Kerin Millar)
>> and myself were talking about other distros moving away from setuid
>> binaries towards cap
On Sun, Jul 31, 2011 at 8:13 PM, Anthony G. Basile wrote:
> Hi everyone,
>
> A couple of days ago, bonsaikitten (Patrick), kerframil (Kerin Millar)
> and myself were talking about other distros moving away from setuid
> binaries towards caps. Openwall and Fedora are now setuid-less [1].
> Some go
Hi everyone,
A couple of days ago, bonsaikitten (Patrick), kerframil (Kerin Millar)
and myself were talking about other distros moving away from setuid
binaries towards caps. Openwall and Fedora are now setuid-less [1].
Some googling showed that Constanze has done quite a bit of work in the
area
16 matches
Mail list logo
