From: Dale Amon <amon@vnl.com>
To: selinux@tycho.nsa.gov
Subject: Attn Colin: Overhelpful /usr/sbin/policy-remove-unwanted
Date: Sat, 28 Feb 2004 18:14:18 +0000 [thread overview]
Message-ID: <20040228181418.GO11147@vnl.com> (raw)
Colin's /usr/sbin/policy-remove-unwanted gets into trouble
when you are using syslog-ng and do not have klogd installed:
Using policy installation method "Automatic"
Copying the sample /usr/share/selinux/policy/current directory from
/usr/share/selinux/policy/default
Removal of unwanted policy files
Removing "current/domains/program/gnome-pty-helper.te"
Keeping "current/domains/program/checkpolicy.te"
Keeping "current/domains/program/chkpwd.te"
Keeping "current/domains/program/crond.te"
Keeping "current/domains/program/crontab.te"
Keeping "current/domains/program/fsadm.te"
Keeping "current/domains/program/getty.te"
Keeping "current/domains/program/ifconfig.te"
Keeping "current/domains/program/init.te"
Keeping "current/domains/program/initrc.te"
Removing "current/domains/program/klogd.te"
I think he needs to special case this and either test
for syslog-ng if the .te to be removed is klogd and
klogd is not found; or else simply never remove klogd.te
under any circumstance.
This problem could pop up at other places under
Automatic install as there is an assumption of an
absolute correspondence between the xxxx.te and one or
more xxxxx*.deb packages. (Or that's what I get from
a quick read through of the code without figuring
out all the details.)
Colin? Pong... in your court! :-)
--
------------------------------------------------------
Dale Amon amon@islandone.org +44-7802-188325
International linux systems consultancy
Hardware & software system design, security
and networking, systems programming and Admin
"Have Laptop, Will Travel"
------------------------------------------------------
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next reply other threads:[~2004-02-28 18:14 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-02-28 18:14 Dale Amon [this message]
2004-02-29 2:44 ` Attn Colin: Overhelpful /usr/sbin/policy-remove-unwanted Russell Coker
2004-02-29 4:21 ` Dale Amon
2004-02-29 4:26 ` Dale Amon
2004-02-29 4:45 ` Russell Coker
2004-02-29 16:01 ` Dale Amon
2004-02-29 18:03 ` Russell Coker
2004-03-01 5:06 ` Colin Walters
2004-03-01 9:43 ` Dale Amon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040228181418.GO11147@vnl.com \
--to=amon@vnl.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.