I had my own problems with the recent LiveCD. It would get a good way
through the bootstrap and then it would lock up. Unfortunately, it
always seemed to do this when I wasn't watching, and by the time I
noticed, the screen would be blanked and pressing keys wouldn't revive
it. The solution was to use scripts/bootstrap-2.6.sh: That worked the
first time. I had intended to install gentoo-dev-sources anyway.

Additionally, I cannot find any of the stages on the Live CD. It seems
like they should be there, since it's 100 MB, but I have the CD mounted
now (and livecd.loop on the loopback) and they just aren't there. Maybe
this is by design.

In any case, I got the stage1 using wget. Incidentally, I do it this
way:

    wget -O - <stage tarball URL> | tar xvfj -

This way there is no intermediate file.

I still don't really have a good grip on SELinux, though. For example,
once I'm in enforcing mode, it seems that I can't run emerge, even if
I'm using the sysadm_r role. The reason for this seemed to be that
/usr/bin/emerge was a symlink to ../lib/portage/bin/emerge. I added
/usr/bin/emerge into the profile, and relabeled, and then it worked.

Another related problem is with portage itself. Emerge won't let you
merge packages unless you are actually root. With SELinux, it's not a
matter of being root, but being in the sysadm_r role. So it prevents a
normal user with the right role from merging packages, even though they
have the correct privileges from a filesystem perspective; and it allows
root to merge packages, even though root might not be in the sysadm_r
role and NOT have the correct privileges. The root test is correct from
a non-SELinux perspective, though. (Well, mostly. A user in the portage
group ought to at least be able to build binary packages, I think.)

On the systems I have now, I give someone else sudo access so they can
update packages. I don't know if sudo is really compatible with SELinux
or not. But presently to do updates, you'd have to su, which requires
giving out the root password, and then newrole -r sysadm_t. I thought
one of the points of doing SELinux was that you could take all special
privileges from root (i.e. sysadm_r, staff_r) and make them a normal
user (or with even fewer privileges than a normal user). But it doesn't
seem feasible without some portage changes.
--
Andy Dustman <adustman@×××××××××.edu>
Office of Information Technology, Terry College of Business, UGA

--
gentoo-hardened@g.o mailing list
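
The mismatch described in the message above, between a uid-only test and the SELinux role, shown as an added example (not part of the original message and not Portage code). The function names, the sample contexts and the choice of sysadm_r as the only merging role are assumptions; filesystem permissions are assumed to be granted separately.

```python
# Added example, not Portage code. Names and sample contexts are constructed.
MERGE_ROLES = {"sysadm_r"}  # assumption: the role the message says should merge

def parse_context(ctx):
    """Split 'user:role:type[:level]'; an MLS level may itself contain colons."""
    parts = ctx.strip("\x00 \n").split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError("malformed SELinux context: %r" % ctx)
    return {"user": parts[0], "role": parts[1], "type": parts[2],
            "level": parts[3] if len(parts) == 4 else None}

def current_context(path="/proc/self/attr/current"):
    """Return this process's SELinux context, or None if none is available."""
    try:
        with open(path) as fh:
            raw = fh.read().strip("\x00 \n")
    except OSError:
        return None
    return raw if raw.count(":") >= 2 else None

def uid_check(uid):
    """The test the message describes: only uid 0 may merge."""
    return uid == 0

def role_check(uid, ctx, enforcing):
    """Hypothetical SELinux-aware test: when enforcing, the role decides;
    without SELinux (or in permissive mode) fall back to the uid test."""
    if ctx is None or not enforcing:
        return uid_check(uid)
    return parse_context(ctx)["role"] in MERGE_ROLES

# Constructed cases: (label, uid, context)
CASES = [
    ("root in sysadm_r", 0, "root:sysadm_r:sysadm_t"),
    ("root in staff_r", 0, "root:staff_r:staff_t"),
    ("user in sysadm_r", 1000, "user_u:sysadm_r:sysadm_t"),
    ("user in user_r", 1000, "user_u:user_r:user_t"),
]

def mismatches(cases=CASES, enforcing=True):
    """Labels of cases where the uid test and the role test disagree."""
    return [label for label, uid, ctx in cases
            if uid_check(uid) != role_check(uid, ctx, enforcing)]

if __name__ == "__main__":
    print("live context:", current_context())
    for label, uid, ctx in CASES:
        print(label, uid_check(uid), role_check(uid, ctx, True))
    print("disagree:", mismatches())
```

The two cases where the tests disagree are the two the message names: root outside sysadm_r and a normal user inside it.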