* Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm
@ 2001-11-27 21:20 Russell Coker
  2001-11-28 13:28 ` Stephen Smalley
  0 siblings, 1 reply; 16+ messages in thread
From: Russell Coker @ 2001-11-27 21:20 UTC (permalink / raw)
  To: selinux

Below is a message I just posted to the debian Developers list about my 
latest test packages (not uploaded to Debian and not official packages).

What is probably of more interest to you is the locations that I've put 
header files in, here's what I'm currently installing:
/usr/include
/usr/include/linux
/usr/include/linux/flask
/usr/include/linux/flask/class_to_string.h
/usr/include/linux/flask/initial_sid_to_string.h
/usr/include/linux/flask/avc.h
/usr/include/linux/flask/avc_ss.h
/usr/include/linux/flask/av_perm_to_string.h
/usr/include/linux/flask/flask.h
/usr/include/linux/flask/security.h
/usr/include/linux/flask/psid.h
/usr/include/linux/flask/common_perm_to_string.h
/usr/include/linux/flask/syscalls.h
/usr/include/linux/flask/flask_types.h
/usr/include/linux/flask/av_permissions.h
/usr/include/linux/flask/av_inherit.h
/usr/include/selinux
/usr/include/selinux/ss.h
/usr/include/selinux/lsm.h
/usr/include/selinux/ipc_secure.h
/usr/include/selinux/proc_secure.h
/usr/include/selinux/context.h
/usr/include/selinux/get_sid_list.h
/usr/include/selinux/fs_secure.h
/usr/include/selinux/get_default_type.h
/usr/include/selinux/socket_secure.h
/usr/include/selinux/flask_util.h
/usr/include/selinux/get_user_sid.h

I would like some feedback from the authors of what they think about these 
locations.  I will not put the include files in /usr/local, but I am open to 
suggestions of other ways of arranging them under /usr/include.

Also it would be convenient for people who are developing distributions if 
there was a suggested location for header files that worked with the LSB 
directory scheme...


Subject: Re: SE Linux packages of login, sshd, tar, stat, findutils, 
fileutils, and [xkg]dm
Date: Tue, 27 Nov 2001 20:44:23 +0100
From: Russell Coker <russell@coker.com.au>
To: Giacomo Catenazzi <cate@debian.org>, debian-devel@lists.debian.org

On Tue, 27 Nov 2001 17:41, Giacomo Catenazzi wrote:
> > PS  I hope to have some test packages of SE-Linux enabled utilities on
> > http://www.coker.com.au/selinux/ within 24 hours, and a complete set of
> > SE-Linux Debian packages (apart from [xkg]dm) within a week.
>
> do you need some help?

Yes!

Firstly check out http://www.coker.com.au/selinux/ .

Please test compiling all the source first.  First compile the kernel-patch
package (it's a build dependency for libselinux-dev which everything else
build-depends on).  After installing it build the libselinux-dev and then
build the stat package.

Then of course you can't do anything without having a kernel to boot (which
is easily done) and a login package to allow you to login (which I haven't
packaged yet).

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm
  2001-11-27 21:20 Russell Coker
@ 2001-11-28 13:28 ` Stephen Smalley
  2001-11-29 12:37   ` Russell Coker
  0 siblings, 1 reply; 16+ messages in thread
From: Stephen Smalley @ 2001-11-28 13:28 UTC (permalink / raw)
  To: Russell Coker; +Cc: selinux


On Tue, 27 Nov 2001, Russell Coker wrote:

> What is probably of more interest to you is the locations that I've put
> header files in, here's what I'm currently installing:
> /usr/include

Well, this will naturally break the build of all of the userland
components of SELinux.  Why do you need to change the installation
directories from what we use?

> /usr/include/linux/flask

This change is probably harmless for building the userland components,
since the same #include directives will still work (#include
<linux/flask/foo.h>).  But what about the <linux/asm-i386/unistd.h>
and the <linux/asm-i386/flask/unistd.h> files?  These are also needed
for building the userland components.

> /usr/include/selinux

This change will require changes to the userland components of SELinux,
and I'm not planning on making these changes to our distribution unless
there is a real justification.  What's wrong with
/usr/local/selinux/include?

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com





* Re: Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm
  2001-11-28 13:28 ` Stephen Smalley
@ 2001-11-29 12:37   ` Russell Coker
  2001-11-29 13:27     ` Stephen Smalley
  0 siblings, 1 reply; 16+ messages in thread
From: Russell Coker @ 2001-11-29 12:37 UTC (permalink / raw)
  To: Stephen Smalley; +Cc: selinux

On Wed, 28 Nov 2001 14:28, Stephen Smalley wrote:
> On Tue, 27 Nov 2001, Russell Coker wrote:
> > What is probably of more interest to you is the locations that I've put
> > header files in, here's what I'm currently installing:
> > /usr/include
>
> Well, this will naturally break the build of all of the userland
> components of SELinux.  Why do you need to change the installation
> directories from what we use?

Because no package is allowed to put files in /usr/local !

> > /usr/include/linux/flask
>
> This change is probably harmless for building the userland components,
> since the same #include directives will still work (#include
> <linux/flask/foo.h>).

That's the plan.

> But what about the <linux/asm-i386/unistd.h>
> and the <linux/asm-i386/flask/unistd.h> files?  These are also needed
> for building the userland components.

I'm not sure which is the best solution for that yet.

> > /usr/include/selinux
>
> This change will require changes to the userland components of SELinux,
> and I'm not planning on making these changes to our distribution unless
> there is a real justification.  What's wrong with
> /usr/local/selinux/include?

It conflicts with the FHS.  See section 4.5 and in particular 4.5.1:

   This directory should always be empty after first installing a
   FHS-compliant system. No exceptions to this rule should be made other
   than the listed directory stubs.

So I could create a /usr/local/selinux directory which is empty if necessary, 
but I can not put any files in it!

You will have the same issue with getting SE-Linux into any other major 
distribution.  Although Slackware would probably make an exception for it.  
Also Sun ships Solaris packages containing files in /usr/local so they would 
probably be happy to do so for their Qube and Raq machines too.

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page
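
Added example (not part of the thread, and not code from the SELinux or Debian projects): a check of the rule argued above, run over a package's file listing in the verbose tar format that `dpkg-deb -c` prints. It assumes directory entries under /usr/local are permitted stubs and reports everything else there; the listing, function names and sample paths are constructed for illustration.

```shell
#!/bin/sh
# Flag package contents that land under /usr/local.
# Input: a verbose tar listing, one entry per line:
#   <mode> <owner/group> <size> <date> <time> <path>[ -> <link target>]

# Constructed sample listing (not taken from a real package).
sample_listing() {
cat <<'EOF'
drwxr-xr-x root/root         0 2001-11-27 21:20 ./
drwxr-xr-x root/root         0 2001-11-27 21:20 ./usr/
drwxr-xr-x root/root         0 2001-11-27 21:20 ./usr/include/
drwxr-xr-x root/root         0 2001-11-27 21:20 ./usr/include/selinux/
-rw-r--r-- root/root      2048 2001-11-27 21:20 ./usr/include/selinux/ss.h
drwxr-xr-x root/root         0 2001-11-27 21:20 ./usr/local/
drwxr-xr-x root/root         0 2001-11-27 21:20 ./usr/local/selinux/
-rw-r--r-- root/root      2048 2001-11-27 21:20 ./usr/local/selinux/include/ss.h
lrwxrwxrwx root/root         0 2001-11-27 21:20 ./usr/local/selinux/lib -> ../../lib/selinux
EOF
}

# Read a listing on stdin; print each non-directory entry under /usr/local.
usr_local_violations() {
    awk '
    {
        mode = $1
        # Drop the first five fields so paths containing spaces survive.
        path = $0
        for (i = 1; i <= 5; i++) sub(/^[ \t]*[^ \t]+[ \t]+/, "", path)
        sub(/ -> .*$/, "", path)      # strip a symlink target
        sub(/^\.\//, "/", path)       # "./usr/..." -> "/usr/..."
        if (path !~ /^\/usr\/local\//) next
        # Assumption: a bare directory entry is an allowed empty stub.
        # Anything placed inside it shows up as its own entry below.
        if (substr(mode, 1, 1) == "d") next
        print path
    }'
}

# Read a listing on stdin; return 0 if clean, 1 (and list offenders) if not.
check_listing() {
    bad=$(usr_local_violations)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

sample_listing | check_listing || echo "package ships files under /usr/local"
```

For a real package, pipe the output of `dpkg-deb -c` on the .deb into `check_listing`.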


* Re: Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm
  2001-11-29 12:37   ` Russell Coker
@ 2001-11-29 13:27     ` Stephen Smalley
  2001-11-29 16:02       ` Russell Coker
  0 siblings, 1 reply; 16+ messages in thread
From: Stephen Smalley @ 2001-11-29 13:27 UTC (permalink / raw)
  To: Russell Coker; +Cc: selinux


On Thu, 29 Nov 2001, Russell Coker wrote:

> Because no package is allowed to put files in /usr/local !

Well, I suppose that this makes sense for packages that are intended to be
installed as part of the base Debian system.  But won't your SELinux
packages be optional components to be installed after a base install?  And
if so, then is it really forbidden to use /usr/local?

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com





* Re: Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm
  2001-11-29 13:27     ` Stephen Smalley
@ 2001-11-29 16:02       ` Russell Coker
  2001-11-29 18:14         ` Stephen Smalley
  0 siblings, 1 reply; 16+ messages in thread
From: Russell Coker @ 2001-11-29 16:02 UTC (permalink / raw)
  To: Stephen Smalley; +Cc: selinux

On Thu, 29 Nov 2001 14:27, Stephen Smalley wrote:
> On Thu, 29 Nov 2001, Russell Coker wrote:
> > Because no package is allowed to put files in /usr/local !
>
> Well, I suppose that this makes sense for packages that are intended to be
> installed as part of the base Debian system.  But won't your SELinux
> packages be optional components to be installed after a base install?  And
> if so, then is it really forbidden to use /usr/local?

It's forbidden for any Debian packages to put files there for any reason.

Whether a package is optional or required makes no difference.

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page


* RE: Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm
@ 2001-11-29 17:08 Flood Randy Capt AFCA/TCAA
  2001-11-29 18:04 ` Jose Nazario
                   ` (2 more replies)
  0 siblings, 3 replies; 16+ messages in thread
From: Flood Randy Capt AFCA/TCAA @ 2001-11-29 17:08 UTC (permalink / raw)
  To: selinux


This seems to be a flaw with the Debian distribution then.  Doesn't the
Linux filesystems standard (or whatever it's called) specify that
software should be installed there?



-----Original Message-----
From: Russell Coker [mailto:russell@coker.com.au]
Sent: Thursday, November 29, 2001 10:03 AM
To: Stephen Smalley
Cc: selinux@tycho.nsa.gov
Subject: Re: Fwd: Re: SE Linux packages of login, sshd, tar, stat,
findutils, fileutils, and [xkg]dm


On Thu, 29 Nov 2001 14:27, Stephen Smalley wrote:
> On Thu, 29 Nov 2001, Russell Coker wrote:
> > Because no package is allowed to put files in /usr/local !
>
> Well, I suppose that this makes sense for packages that are intended
to be
> installed as part of the base Debian system.  But won't your SELinux
> packages be optional components to be installed after a base install?
And
> if so, then is it really forbidden to use /usr/local?

It's forbidden for any Debian packages to put files there for any
reason.

Whether a package is optional or required makes no difference.

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page


* RE: Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm
  2001-11-29 17:08 Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm Flood Randy Capt AFCA/TCAA
@ 2001-11-29 18:04 ` Jose Nazario
  2001-11-29 19:48 ` Achim D. Brucker
  2001-11-30 19:13 ` Russell Coker
  2 siblings, 0 replies; 16+ messages in thread
From: Jose Nazario @ 2001-11-29 18:04 UTC (permalink / raw)
  To: Flood Randy Capt AFCA/TCAA; +Cc: selinux

On Thu, 29 Nov 2001, Flood Randy Capt AFCA/TCAA wrote:

> This seems to be a flaw with the Debian distribution then.  Doesn't
> the Linux filesystems standard (or whatever it's called) specify that
> software should be installed there?

http://www.pathname.com/fhs/2.0/fhs-toc.html

for /usr/local:
	http://www.pathname.com/fhs/2.0/fhs-4.6.html

the openbsd hier page is at
http://www.openbsd.org/cgi-bin/man.cgi?query=hier&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
(not that it matters much, this *is* linux and not BSD)

it would seem to come down to "is selinux the base system or an add on?"
the distribution model of selinux would indicate that it's an add on, as
it's not a full fledged distribution.

<opinion>
#include "disclaimer.h"

if debian wants it someplace else, have locally available patches. please
don't attempt to apply such standards to everyone else. thank you. it is,
after all, why you're a different distro.

$ cat disclaimer.h

#ifndef FLAMESUIT
#define FLAMESUIT 1
#endif

i am in no way connected to the SELinux team. i just use it and have a
longstanding interest in both filesystem hierarchies, the UNIX model (and
Linux deviances from it), and trusted OSes. i am speaking only for myself.

/* EOF */

</opinion>


____________________________
jose nazario						     jose@cwru.edu
	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)



* Re: Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm
  2001-11-29 16:02       ` Russell Coker
@ 2001-11-29 18:14         ` Stephen Smalley
  0 siblings, 0 replies; 16+ messages in thread
From: Stephen Smalley @ 2001-11-29 18:14 UTC (permalink / raw)
  To: Russell Coker; +Cc: selinux


On Thu, 29 Nov 2001, Russell Coker wrote:

> It's forbidden for any Debian packages to put files there for any reason.
>
> Whether a package is optional or required makes no difference.

Well, maybe we can work toward making our /usr/local/selinux hierarchy
and the builds for the userland SELinux components more easily
relocatable.  If you can contribute suggestions and patches to help with
this task, that would be useful.  Otherwise, I'm not sure when we'll get
to it.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com





* Re: Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm
  2001-11-29 17:08 Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm Flood Randy Capt AFCA/TCAA
  2001-11-29 18:04 ` Jose Nazario
@ 2001-11-29 19:48 ` Achim D. Brucker
  2001-11-30 19:13 ` Russell Coker
  2 siblings, 0 replies; 16+ messages in thread
From: Achim D. Brucker @ 2001-11-29 19:48 UTC (permalink / raw)
  To: selinux

On Thu, Nov 29, 2001 at 11:08:00AM -0600, Flood Randy Capt AFCA/TCAA wrote:
> 
> This seems to be a flaw with the Debian distribution then.  Doesn't the
> Linux filesystems standard (or whatever it's called) specify that
> software should be installed there?
No it is not a flaw ;-). 
The main argument/idea is, that the directories 
/usr/local and /opt are 100% controlled by the local policy, therefore no 
package controlled through the packet manager is allowed to put files in
there. The main advantage for the system administrator is that he can do 
whatever he wants below /usr/local without the risk of breaking the 
packet manager. Personally I like this very much and it perfectly conforms
to the Linux file system standard.
If I remember correctly, the packages officially distributed by Suse or
Redhat do not write files into /usr/local. Surely there are rpms (and even 
debs) floating around the net, which install files below /usr/local, but they
are not distributed as official parts of any distribution (I assume this
for Redhat/Mandrake/Suse and it is a strict policy for Debian).  When SE-Linux
is included in Debian (which I wish), it has to play the game of the Debian
Guidelines because it would be an official part of the distribution.


Best wishes
	Achim
-- 
Achim D. Brucker, brucker@informatik.uni-freiburg.de 
 http://www.informatik.uni-freiburg.de/~brucker
pgp-key on request: send mail with subject: public-key

Those who do not understand Unix are condemned to reinvent it, poorly. 
 -- Henry Spencer



* Re: Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm
  2001-11-29 17:08 Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm Flood Randy Capt AFCA/TCAA
  2001-11-29 18:04 ` Jose Nazario
  2001-11-29 19:48 ` Achim D. Brucker
@ 2001-11-30 19:13 ` Russell Coker
  2001-11-30 22:17   ` Tom
  2001-12-17 16:48   ` Dale Amon
  2 siblings, 2 replies; 16+ messages in thread
From: Russell Coker @ 2001-11-30 19:13 UTC (permalink / raw)
  To: selinux

On Thu, 29 Nov 2001 18:08, Flood Randy Capt AFCA/TCAA wrote:
> This seems to be a flaw with the Debian distribution then.  Doesn't the
> Linux filesystems standard (or whatever it's called) specify that
> software should be installed there?

Please read the specs.  Software installed by "make install" or equivalent 
belongs in /usr/local, software installed in packages as part of the OS 
belongs elsewhere.

My aim is to produce packages of SE-Linux for Debian not to write a wrapper 
around "make install" (if the latter was my aim I'd have completed it long 
ago and moved on to other projects).

On Thu, 29 Nov 2001 19:04, Jose Nazario wrote:
> it would seem to come down to "is selinux the base system or an add on?"
> the distribution model of selinux would indicate that it's an add on, as
> it's not a full fledged distribution.

It's an add on if it's installed by "make install".  It's part of the base 
system if it's installed by dpkg or dselect.

If we use your logic then almost everything is an add-on and everything will 
be in /usr/local...

> <opinion>
> #include "disclaimer.h"
>
> if debian wants it someplace else, have locally available patches. please
> don't attempt to apply such standards to everyone else. thank you. it is,
> after all, why you're a different distro.

Yes, Debian is the distribution that most closely follows standards such as 
the FHS (FSSTD) and the LSB.  Anyone who wants to write software that is 
incompatible with such standards is free to do so.  It'll limit acceptance of 
their software.

Then of course if we can't get agreement between all the distributions 
(Debian, Red Hat, SUSE, etc) on how to change such software to make it comply 
to relevant standards then everyone will suffer.

On Thu, 29 Nov 2001 20:48, Achim D. Brucker wrote:
> No it is not a flaw ;-).
> The main argument/idea is, that the directories
> /usr/local and /opt are 100% controlled by the local policy, therefore no

Absolutely!

> package controlled through the packet manager is allowed to put files in
> there. The main advantage for the system administrator is that he can do
> whatever he wants below /usr/local without the risk of breaking the
> packet manager.

I think that the risk of the package manager breaking what the administrator 
does is just as great.  Sometimes I want to have two copies of the same 
program installed, a package and a custom version in /usr/local.

> Personally I like this very much and it perfectly conforms
> to the Linux file system standard.

Also conforms to common practise over the last 10+ years.

> If I remember correctly, the packages officially distributed by Suse or
> Redhat do not write files into /usr/local. Surely there are rpms (and even
> debs) floating around the net, which install files below /usr/local, but
> they are not distributed as official parts of any distribution (I
> assume this for Redhat/Mandrake/Suse and it is a strict policy for Debian).

Yes.  Sun is the only vendor I've come across that ships packages that mess 
with /usr/local.  They seem to think that a Sun package of bash for Solaris 
2.6 (distributed from a Sun web site) should install to /usr/local/bin while 
a package for Solaris 8.0 (distributed on the install CDs) should be in /bin. 
This sort of thing really sucks when you are trying to manage a network.

>  When SE-Linux is included in Debian (which I wish), it has to play the
> game of the Debian Guidelines because it would be an official part of the
> distribution.

Absolutely!

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page



* Re: Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm
  2001-11-30 19:13 ` Russell Coker
@ 2001-11-30 22:17   ` Tom
  2001-12-01  0:46     ` Jesse Pollard
  2001-12-17 16:48   ` Dale Amon
  1 sibling, 1 reply; 16+ messages in thread
From: Tom @ 2001-11-30 22:17 UTC (permalink / raw)
  To: selinux

On Fri, Nov 30, 2001 at 08:13:14PM +0100, Russell Coker wrote:
> Yes.  Sun is the only vendor I've come across that ships packages that mess 
> with /usr/local.  They seem to think that a Sun package of bash for Solaris 
> 2.6 (distributed from a Sun web site) should install to /usr/local/bin while 
> a package for Solaris 8.0 (distributed on the install CDs) should be in /bin. 
> This sort of thing really sucks when you are trying to manage a network.

OpenBSD also does this. bash is in /usr/local/bin even though it's not
a port or a 3rd party piece, but an official package.

I agree on that not being good practice. I don't know that rationale
for these, though.

-- 
http://web.lemuria.org/pubkey.html
pub  1024D/D88D35A6 2001-11-14 Tom Vogt <tom@lemuria.org>
     Key fingerprint = 276B B7BB E4D8 FCCE DB8F  F965 310B 811A D88D 35A6


* Re: Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm
  2001-11-30 22:17   ` Tom
@ 2001-12-01  0:46     ` Jesse Pollard
  2001-12-01  9:00       ` Russell Coker
  0 siblings, 1 reply; 16+ messages in thread
From: Jesse Pollard @ 2001-12-01  0:46 UTC (permalink / raw)
  To: Tom, selinux

On Friday 30 November 2001 16:17, Tom wrote:
> On Fri, Nov 30, 2001 at 08:13:14PM +0100, Russell Coker wrote:
> > Yes.  Sun is the only vendor I've come across that ships packages that
> > mess with /usr/local.  They seem to think that a Sun package of bash for
> > Solaris 2.6 (distributed from a Sun web site) should install to
> > /usr/local/bin while a package for Solaris 8.0 (distributed on the
> > install CDs) should be in /bin. This sort of thing really sucks when you
> > are trying to manage a network.
>
> OpenBSD also does this. bash is in /usr/local/bin even though it's not
> a port or a 3rd party piece, but an official package.
>
> I agree on that not being good practice. I don't know that rationale
> for these, though.

I can give a rationale, but can't promise it as the real one...

These "packages" are NOT part of Solaris. They are "contributed" packages
that may not be upgraded, may not be patched, nor are they required to even
work.

The /bin and friends are part of Solaris. If they cause security problems, 
then Sun is obliged to provide patches/updates. Not so for /usr/local. If 
there's a problem, you remove or don't install them.

The stuff in /usr/local is not contractually maintained....



* Re: Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm
  2001-12-01  0:46     ` Jesse Pollard
@ 2001-12-01  9:00       ` Russell Coker
  2001-12-01 13:11         ` Jesse Pollard
  0 siblings, 1 reply; 16+ messages in thread
From: Russell Coker @ 2001-12-01  9:00 UTC (permalink / raw)
  To: Jesse Pollard, selinux

On Sat, 1 Dec 2001 01:46, Jesse Pollard wrote:
> > > Yes.  Sun is the only vendor I've come across that ships packages that
> > > mess with /usr/local.  They seem to think that a Sun package of bash
> > > for Solaris 2.6 (distributed from a Sun web site) should install to
> > > /usr/local/bin while a package for Solaris 8.0 (distributed on the
> > > install CDs) should be in /bin. This sort of thing really sucks when
> > > you are trying to manage a network.
> >
> > OpenBSD also does this. bash is in /usr/local/bin even though it's not
> > a port or a 3rd party piece, but an official package.
> >
> > I agree on that not being good practice. I don't know that rationale
> > for these, though.
>
> I can give a rationale, but can't promise it as the real one...
>
> These "packages" are NOT part of Solaris. They are "contributed" packages
> that may not be upgraded, may not be patched, nor are they required to even
> work.
>
> The /bin and friends are part of Solaris. If they cause security problems,
> then Sun is obliged to provide patches/updates. Not so for /usr/local. If
> there's a problem, you remove or don't install them.
>
> The stuff in /usr/local is not contractually maintained....

When an important security related package such as syslogd has a bug that 
allows it to be killed by users (or remotely killed if listening to the 
network) it's still not serious enough for Sun to fix it.  Solaris 2.6 
syslogd has been known as buggy for years and Sun have announced plans to 
never fix it.

I'm sure that the contrib packages will get updated when there's an upstream 
fix for a security issue.

I can't see any difference between the packages for /bin and the packages for 
/usr/local/bin in this regard.  If anything the ones in /usr/local/bin have 
better support I think.

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page


* Re: Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm
  2001-12-01  9:00       ` Russell Coker
@ 2001-12-01 13:11         ` Jesse Pollard
  0 siblings, 0 replies; 16+ messages in thread
From: Jesse Pollard @ 2001-12-01 13:11 UTC (permalink / raw)
  To: Russell Coker, selinux

On Saturday 01 December 2001 03:00, Russell Coker wrote:
> On Sat, 1 Dec 2001 01:46, Jesse Pollard wrote:
> > > > Yes.  Sun is the only vendor I've come across that ships packages
> > > > that mess with /usr/local.  They seem to think that a Sun package of
> > > > bash for Solaris 2.6 (distributed from a Sun web site) should install
> > > > to /usr/local/bin while a package for Solaris 8.0 (distributed on the
> > > > install CDs) should be in /bin. This sort of thing really sucks when
> > > > you are trying to manage a network.
> > >
> > > OpenBSD also does this. bash is in /usr/local/bin even though it's not
> > > a port or a 3rd party piece, but an official package.
> > >
> > > I agree on that not being good practice. I don't know that rationale
> > > for these, though.
> >
> > I can give a rationale, but can't promise it as the real one...
> >
> > These "packages" are NOT part of Solaris. They are "contributed" packages
> > that may not be upgraded, may not be patched, nor are they required to
> > even work.
> >
> > The /bin and friends are part of Solaris. If they cause security
> > problems, then Sun is obliged to provide patches/updates. Not so for
> > /usr/local. If there's a problem, you remove or don't install them.
> >
> > The stuff in /usr/local is not contractually maintained....
>
> When an important security related package such as syslogd has a bug that
> allows it to be killed by users (or remotely killed if listening to the
> network) it's still not serious enough for Sun to fix it.  Solaris 2.6
> syslogd has been known as buggy for years and Sun have announced plans to
> never fix it.
>
> I'm sure that the contrib packages will get updated when there's an
> upstream fix for a security issue.
>
> I can't see any difference between the packages for /bin and the packages
> for /usr/local/bin in this regard.  If anything the ones in /usr/local/bin
> have better support I think.

I don't believe sun is supporting 2.6 at all now.  You will have to update the
OS to get any fixes. Unless some volunteer at sun (or elsewhere) updates the
"contributed" packages they won't be updated at all.

The difference is that Sun doesn't pay employees to work on packages for 
/usr/local. They do pay for the core distribution.


* Re: Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm
  2001-11-30 19:13 ` Russell Coker
  2001-11-30 22:17   ` Tom
@ 2001-12-17 16:48   ` Dale Amon
  2001-12-17 20:30     ` Russell Coker
  1 sibling, 1 reply; 16+ messages in thread
From: Dale Amon @ 2001-12-17 16:48 UTC (permalink / raw)
  To: Russell Coker; +Cc: selinux

I'm sort of on hold until I figure out the best way
to work around this problem with libwrap not existing
in sid.

Rich: have you seen this? I'd rather match my solution
to yours rather than go reinventing wheels.

In case you didn't read the earlier posting, in the
selinux utils install ssh is looking for libwrap during
a .configure and dying. sid dist has libwrap0 which
I already have installed.

-- 
------------------------------------------------------
    Nuke bin Laden:           Dale Amon, CEO/MD
  improve the global          Islandone Society
     gene pool.               www.islandone.org
------------------------------------------------------


* Re: Fwd: Re: SE Linux packages of login, sshd, tar, stat, findutils, fileutils, and [xkg]dm
  2001-12-17 16:48   ` Dale Amon
@ 2001-12-17 20:30     ` Russell Coker
  0 siblings, 0 replies; 16+ messages in thread
From: Russell Coker @ 2001-12-17 20:30 UTC (permalink / raw)
  To: Dale Amon; +Cc: selinux

On Mon, 17 Dec 2001 17:48, Dale Amon wrote:
> I'm sort of on hold until I figure out the best way
> to work around this problem with libwrap not existing
> in sid.

It does exist though.

> In case you didn't read the earlier posting, in the
> selinux utils install ssh is looking for libwrap during
> a .configure and dying. sid dist has libwrap0 which
> I already have installed.

What about libwrap0-dev?  libwrap0-dev is what you need to compile programs 
that use TCP wrappers.

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page
