| 1 |
I like punishment :-) |
| 2 |
|
| 3 |
|
| 4 |
I manually merge the gentoo changes into the policy I've been building up |
| 5 |
since before the new API existed. I like the way staff_r behaves in the old |
| 6 |
policy so keep that part unchanged. |
| 7 |
|
| 8 |
michael |
| 9 |
|
| 10 |
On Tue, 13 Jan 2004 20:28:56 -0800 |
| 11 |
Bill McCarty <bmccarty@××××××.net> wrote: |
| 12 |
|
| 13 |
> Hi Mike and all, |
| 14 |
> |
| 15 |
> Thanks, Mike! That helps me understand my confusion. |
| 16 |
> |
| 17 |
> Are lots of folks running Gentoo with policies other than that distributed |
| 18 |
> |
| 19 |
> in the Gentoo ebuild? I'd have expected anyone doing so to experience |
| 20 |
> problems with emerge and other Gentoo-specific facilities. So, I infer |
| 21 |
> that anyone doing so has significantly modified whatever policy they're |
| 22 |
> using. |
| 23 |
> |
| 24 |
> Cheers, |
| 25 |
> |
| 26 |
> --On Tuesday, January 13, 2004 4:57 PM -0800 Michael Reilly |
| 27 |
> <michaelr@×××××.com> wrote: |
| 28 |
> |
| 29 |
> > staff_r can su with the older NSA released policy and with Richard |
| 30 |
> > Cocker's policy (I hope I spelled his name correctly). I haven't tried |
| 31 |
> > the latest to see if the NSA policy has changed this or not |
| 32 |
> > |
| 33 |
> > I still use the older policy. If my role is staff_r I can always su. |
| 34 |
> > |
| 35 |
> > The older policy dis-allows going directly to staff_r via ssh. A |
| 36 |
> > newrole is needed. |
| 37 |
> |
| 38 |
> --------------------------------------------------- |
| 39 |
> Bill McCarty |
| 40 |
|
| 41 |
|
| 42 |
-- |
| 43 |
---- ---- ---- |
| 44 |
Michael Reilly michaelr@×××××.com |
| 45 |
Cisco Systems, Santa Cruz, CA |
| 46 |
|
| 47 |
-- |
| 48 |
gentoo-hardened@g.o mailing list |
Archives