1 |
I like punishment :-) |
2 |
|
3 |
|
4 |
I manually merge the gentoo changes into the policy I've been building up |
5 |
since before the new API existed. I like the way staff_r behaves in the old |
6 |
policy so keep that part unchanged. |
7 |
|
8 |
michael |
9 |
|
10 |
On Tue, 13 Jan 2004 20:28:56 -0800 |
11 |
Bill McCarty <bmccarty@××××××.net> wrote: |
12 |
|
13 |
> Hi Mike and all, |
14 |
> |
15 |
> Thanks, Mike! That helps me understand my confusion. |
16 |
> |
17 |
> Are lots of folks running Gentoo with policies other than that distributed |
18 |
> |
19 |
> in the Gentoo ebuild? I'd have expected anyone doing so to experience |
20 |
> problems with emerge and other Gentoo-specific facilities. So, I infer |
21 |
> that anyone doing so has significantly modified whatever policy they're |
22 |
> using. |
23 |
> |
24 |
> Cheers, |
25 |
> |
26 |
> --On Tuesday, January 13, 2004 4:57 PM -0800 Michael Reilly |
27 |
> <michaelr@×××××.com> wrote: |
28 |
> |
29 |
> > staff_r can su with the older NSA released policy and with Richard |
30 |
> > Cocker's policy (I hope I spelled his name correctly). I haven't tried |
31 |
> > the latest to see if the NSA policy has changed this or not |
32 |
> > |
33 |
> > I still use the older policy. If my role is staff_r I can always su. |
34 |
> > |
35 |
> > The older policy dis-allows going directly to staff_r via ssh. A |
36 |
> > newrole is needed. |
37 |
> |
38 |
> --------------------------------------------------- |
39 |
> Bill McCarty |
40 |
|
41 |
|
42 |
-- |
43 |
---- ---- ---- |
44 |
Michael Reilly michaelr@×××××.com |
45 |
Cisco Systems, Santa Cruz, CA |
46 |
|
47 |
-- |
48 |
gentoo-hardened@g.o mailing list |