| 1 |
Hi Baojun, |
| 2 |
|
| 3 |
late response though, but I came across the same problem just today and |
| 4 |
found your post ;) |
| 5 |
|
| 6 |
Wang, Baojun wrote: |
| 7 |
> Now I think all the configuration is working but the permission have some |
| 8 |
> problem, since I'm using gentoo hardened, I think the problems are because |
| 9 |
> I'm using hardened gentoo, How can I solve this problem, and any hints? |
| 10 |
|
| 11 |
When using TPE use the following Kernel-Options (you might want to |
| 12 |
select another gid): |
| 13 |
|
| 14 |
CONFIG_GRKERNSEC_TPE=y |
| 15 |
# CONFIG_GRKERNSEC_TPE_ALL is not set |
| 16 |
CONFIG_GRKERNSEC_TPE_INVERT=y |
| 17 |
CONFIG_GRKERNSEC_TPE_GID=2000 |
| 18 |
|
| 19 |
after booting the fresh-built kernel create a new group "tpeexcl" with |
| 20 |
gid 2000, add both mailman and apache users to the "tpeexcl" group, |
| 21 |
mailman and its webinterface now should work. |
| 22 |
|
| 23 |
hth, |
| 24 |
Tobias |
| 25 |
|
| 26 |
PS: I'd suggest deploying the -r2 (currently _not_ marked stable) which |
| 27 |
uses "proper" paths (i.e. doesn't install to /usr/local plus separates |
| 28 |
application binaries (/usr) from application data (/var)). |
| 29 |
-- |
| 30 |
Gentoo Linux - Die Metadistribution |
| 31 |
http://www.mitp.de/1769 |
| 32 |
|
| 33 |
-- |
| 34 |
gentoo-hardened@l.g.o mailing list |
Archives