new packages

new packages

[Russell Coker]

I've uploaded new packages to Debian for the latest SE Linux base code and 
default policy.  I've also uploaded a new kernel-patch package for the latest 
2.4.18 LSM patch that is on the NSA site.  NB This version of the kernel 
patch is needed for the latest utils and policy!

Also I've put a copy of the latest OpenSSH with my latest patch (including 
xauth support) on my site.


Have fun!

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: new packages

[Ed Street]

Hello,

Where is the kernel patch located at?

Ed

-----Original Message-----
From: owner-selinux@tycho.nsa.gov [mailto:owner-selinux@tycho.nsa.gov]
On Behalf Of Russell Coker
Sent: Saturday, July 06, 2002 5:55 PM
To: SE Linux
Subject: new packages

I've uploaded new packages to Debian for the latest SE Linux base code
and 
default policy.  I've also uploaded a new kernel-patch package for the
latest 
2.4.18 LSM patch that is on the NSA site.  NB This version of the kernel

patch is needed for the latest utils and policy!

Also I've put a copy of the latest OpenSSH with my latest patch
(including 
xauth support) on my site.


Have fun!

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

--
You have received this message because you are subscribed to the selinux
list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: new packages

[Russell Coker]

On Sat, 6 Jul 2002 22:39, Ed Street wrote:
> Where is the kernel patch located at?

It's in Debian/unstable, but I've also put it on 
http://www.coker.com.au/selinux/kern/

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: new packages

[Ed Street]

Hello,

Some quick notes on the new updates I found.

1) kernel patch file had a blurb on one file, stated already applied.
(will get the section and past it)

2) fingerd.te gave me fits. Had to remote the file
/usr/share/Selinux/policy/current/domains/program/fingerd.te (not
running fingerd on this box)

3) using apt-get while in enforcement mode gives some interesting
errors.

This is directly logged in as root, NO su involved.  Tested on the
console and by ssh with the same results.

debian:~# id
uid=0(root) gid=0(root) groups=0(root) context=root:sysadm_r:sysadm_t
sid=181

debian:~# apt-get remove tiger
Reading Package Lists... Done
Building Dependency Tree... Done
The following packages will be REMOVED:
  tiger
0 packages upgraded, 0 newly installed, 1 to remove and 0  not upgraded.
1 packages not fully installed or removed.
Need to get 0B of archives. After unpacking 1184kB will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 7904 files and directories currently installed.)
Removing tiger ...
dpkg (subprocess): unable to execute pre-removal script: Permission
denied
dpkg: error processing tiger (--remove):
 subprocess pre-removal script returned error exit status 2
dpkg (subprocess): unable to execute post-installation script:
Permission denied
dpkg: error while cleaning up:
 subprocess post-installation script returned error exit status 2
Errors were encountered while processing:
 tiger
E: Sub-process /usr/bin/dpkg returned an error code (1)
debian:~#


Ed



--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: new packages

[Russell Coker]

On Sun, 7 Jul 2002 04:35, Ed Street wrote:
> Some quick notes on the new updates I found.
>
> 1) kernel patch file had a blurb on one file, stated already applied.
> (will get the section and past it)

Are you applying it over the Debian kernel-patch package?  If so try getting 
the source from ftp.kernel.org.

> 2) fingerd.te gave me fits. Had to remote the file
> /usr/share/Selinux/policy/current/domains/program/fingerd.te (not
> running fingerd on this box)

What exactly was the problem?  Anyway that's not finished yet...

> 3) using apt-get while in enforcement mode gives some interesting
> errors.

Use se_apt-get, se_dpkg, and se_dselect instead of the usual programs.

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: new packages

[Ed Street]

Hello,

Yes I'm applying it over the debian kernel. apt-get install
kernel-source-2.4.18.  So far this kernel patch seems much improved over
the previous patches :)


Fingerd issues:

debian:/usr/src/selinux# dpkg -i
selinux-policy-default_2002070313-1_all.deb
Selecting previously deselected package selinux-policy-default.
(Reading database ... 9873 files and directories currently installed.)
Unpacking selinux-policy-default (from
selinux-policy-default_20020703131_all.deb) ...

Setting up selinux-policy-default (2002070313-1) ...

Copying the sample /usr/share/selinux/policy/current directory from
/usr/share/selinux/policy/default

Would you like to run
'make -C /usr/share/selinux/policy/current relabel' to assign SIDs
to all files on the system now [Y/n]?

make: Entering directory `/usr/share/selinux/policy/current'

make: *** No rule to make target `file_contexts/program/fingerd.fc',
needed by `file_contexts/file_contexts'.  Stop.

make: Leaving directory `/usr/share/selinux/policy/current'

dpkg: error processing selinux-policy-default (--install):
 subprocess post-installation script returned error exit status 2
Errors were encountered while processing:
 selinux-policy-default


Even with fingerd and finger installed I get the above messages.  Simply
deleting the fingerd.te file will allow a normal compile

Ed

-----Original Message-----
From: Russell Coker [mailto:russell@coker.com.au] 
Sent: Sunday, July 07, 2002 4:48 PM
To: blacknet@simplyaquatics.com; 'SE Linux'
Subject: Re: new packages

On Sun, 7 Jul 2002 04:35, Ed Street wrote:
> Some quick notes on the new updates I found.
>
> 1) kernel patch file had a blurb on one file, stated already applied.
> (will get the section and past it)

Are you applying it over the Debian kernel-patch package?  If so try
getting 
the source from ftp.kernel.org.

> 2) fingerd.te gave me fits. Had to remote the file
> /usr/share/Selinux/policy/current/domains/program/fingerd.te (not
> running fingerd on this box)

What exactly was the problem?  Anyway that's not finished yet...

> 3) using apt-get while in enforcement mode gives some interesting
> errors.

Use se_apt-get, se_dpkg, and se_dselect instead of the usual programs.




--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: fingerd (was new packages)

[Ed Street]

Hello,

If I make a
/usr/share/selinux/policy/current/file_contexts/program/fingerd.fc file
shouldn't the contents be this?

/usr/sbin/in.fingerd               system_u:object_r:fingerd_exec_t

Ed


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: fingerd (was new packages)

[Russell Coker]

On Sun, 7 Jul 2002 17:23, you wrote:
> If I make a
> /usr/share/selinux/policy/current/file_contexts/program/fingerd.fc file
> shouldn't the contents be this?
>
> /usr/sbin/in.fingerd               system_u:object_r:fingerd_exec_t

Yes, that should be OK.

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.