Hi Baojun,

late response though, but I came across the same problem just today and
found your post ;)

Wang, Baojun wrote:
> Now I think all the configuration is working but the permission have some
> problem, since I'm using gentoo hardened, I think the problems are because
> I'm using hardened gentoo, How can I solve this problem, and any hints?

When using TPE use the following Kernel-Options (you might want to
select another gid):

CONFIG_GRKERNSEC_TPE=y
# CONFIG_GRKERNSEC_TPE_ALL is not set
CONFIG_GRKERNSEC_TPE_INVERT=y
CONFIG_GRKERNSEC_TPE_GID=2000

after booting the fresh-built kernel create a new group "tpeexcl" with
gid 2000, add both mailman and apache users to the "tpeexcl" group,
mailman and its webinterface now should work.

hth,
Tobias

PS: I'd suggest deploying the -r2 (currently _not_ marked stable) which
uses "proper" paths (i.e. doesn't install to /usr/local plus separates
application binaries (/usr) from application data (/var)).
--
Gentoo Linux - Die Metadistribution
http://www.mitp.de/1769

--
gentoo-hardened@l.g.o mailing list
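
Added example (not part of the original mail, and not Gentoo or grsecurity tooling): a shell check that a kernel config carries the TPE options from the reply above and that the named users are supplementary members of the group whose gid matches CONFIG_GRKERNSEC_TPE_GID. The function names, the file arguments and the sample data in demo() are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and file arguments are assumptions.

# Print the value of option $2 from kernel config $1; prints nothing when the
# option is absent or appears as "# CONFIG_X is not set".
kconfig_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Succeed if user $3 is a listed (supplementary) member of the group with
# gid $2 in group file $1 (name:passwd:gid:member,member,...).
user_in_gid() {
    awk -F: -v gid="$2" -v user="$3" '
        $3 == gid { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == user) found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# check_tpe CONFIG GROUPFILE USER...
# Returns 0 only if the config has the options from the mail and every USER
# is in the group whose gid equals CONFIG_GRKERNSEC_TPE_GID.
check_tpe() {
    cfg=$1; grp=$2; shift 2; rc=0
    [ "$(kconfig_value "$cfg" CONFIG_GRKERNSEC_TPE)" = y ] || { echo "TPE not enabled"; rc=1; }
    [ "$(kconfig_value "$cfg" CONFIG_GRKERNSEC_TPE_INVERT)" = y ] || { echo "TPE_INVERT not set"; rc=1; }
    [ -z "$(kconfig_value "$cfg" CONFIG_GRKERNSEC_TPE_ALL)" ] || { echo "TPE_ALL is set"; rc=1; }
    gid=$(kconfig_value "$cfg" CONFIG_GRKERNSEC_TPE_GID)
    [ -n "$gid" ] || { echo "TPE_GID missing"; return 1; }
    for u in "$@"; do
        user_in_gid "$grp" "$gid" "$u" || { echo "$u not in gid $gid"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: apache has not been added to tpeexcl yet.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'CONFIG_GRKERNSEC_TPE=y' '# CONFIG_GRKERNSEC_TPE_ALL is not set' \
        'CONFIG_GRKERNSEC_TPE_INVERT=y' 'CONFIG_GRKERNSEC_TPE_GID=2000' > "$d/config"
    printf '%s\n' 'apache:x:81:' 'tpeexcl:x:2000:mailman' > "$d/group"
    check_tpe "$d/config" "$d/group" mailman apache; status=$?
    rm -rf "$d"
    return "$status"
}

# Real use: sh check_tpe.sh KERNEL_CONFIG /etc/group mailman apache
if [ "$#" -ge 2 ]; then check_tpe "$@"; fi
```

A user whose primary group is the TPE gid is not listed in the member field of the group file, so this check covers only the "add to group" step as the mail describes it.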