| 1 |
I'd rather you use SLOT's, this is what they are for.. |
| 2 |
otherwise in a few months you are going to have a |
| 3 |
sys-apps/gradm2 and you won't be able to move it |
| 4 |
(you can but it's overly complicated). |
| 5 |
|
| 6 |
you can just have gradm-1 in slot one that installs to |
| 7 |
/usr/sbin/gradm and gradm-2 in slot two that installs to |
| 8 |
/usr/sbin/gradm2 and they won't conflict, you could even |
| 9 |
give them different policy directories so that they don't |
| 10 |
collide. |
| 11 |
|
| 12 |
You could then have both slots merged in next to each other |
| 13 |
and it wouldn't be an issue.. |
| 14 |
|
| 15 |
the apache apache2 slot mess is really not SLOT'S fault, it's |
| 16 |
something different altogether, we have plenty of apps that |
| 17 |
have been happily slotted for a very long time (db, gtk, et al) |
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
Joshua Brindle |
| 22 |
|
| 23 |
>>> Ned Ludd <solar@g.o> 06/09/03 01:14PM >>> |
| 24 |
I would like to thank frogger for taking the time to put together |
| 25 |
hardened-sources-r3 for us (good work frogger) |
| 26 |
|
| 27 |
-r3 introduces the grsecurity-2.0-pre4-2.4.20.patch which has |
| 28 |
some very cool/needed new features for us grsecuirty users such as role |
| 29 |
based access control, variable support within acls including unions, |
| 30 |
intersections, differences of sets, and an learning device,daemon as |
| 31 |
well as nested subjects. All these features plus what it already had |
| 32 |
should make grsecurity2 the most well rounded complete host based |
| 33 |
security solution available for linux to date. |
| 34 |
|
| 35 |
These new features should be transparent to our users not using the |
| 36 |
access control list features of grsecurity, however for those of that |
| 37 |
will be be using them we have a few things to consider. |
| 38 |
|
| 39 |
First grsecurity 2 has not been officialy released yet, and no |
| 40 |
documentation exists for these features of grsecuity2 outside of the |
| 41 |
grsec mailing list itself. |
| 42 |
|
| 43 |
Second item is gradm itself, |
| 44 |
<=gradm-2 installs to /sbin/gradm and reads /etc/grsec/acl |
| 45 |
>gradm-2 also installs to /sbin/gradm and also reads /etc/grsec/acl |
| 46 |
But they dont play together well at all, and if we were to park gradm2 |
| 47 |
which is really gradm in sys-apps/gradm It would always get prefered |
| 48 |
over gradm-1.9.x when ~arch is set. This would affect users using |
| 49 |
gentoo-sources. I dont want to introduce another apache{1,2} SLOT type |
| 50 |
of mess. |
| 51 |
|
| 52 |
My simple solution would be to park gradm 2 in sys-apps/gradm2, install |
| 53 |
gradm 2 as /sbin/gradm2 with /etc/grsec2/acl and leave it this way |
| 54 |
untill grsecurity1 becomes deprecated. This would allow people to have |
| 55 |
both systems installed without any conflict. (Any comments before it |
| 56 |
gets set in stone?) |
| 57 |
|
| 58 |
-- |
| 59 |
Ned Ludd <solar@g.o> |
| 60 |
Gentoo Linux (Hardened) |
| 61 |
|
| 62 |
|
| 63 |
-- |
| 64 |
gentoo-hardened@g.o mailing list |
| 65 |
|
| 66 |
|
| 67 |
-- |
| 68 |
gentoo-hardened@g.o mailing list |
Archives