I'd rather you use SLOTs, this is what they are for..
otherwise in a few months you are going to have a
sys-apps/gradm2 and you won't be able to move it
(you can but it's overly complicated).

You can just have gradm-1 in slot one that installs to
/usr/sbin/gradm and gradm-2 in slot two that installs to
/usr/sbin/gradm2 and they won't conflict, you could even
give them different policy directories so that they don't
collide.

You could then have both slots merged in next to each other
and it wouldn't be an issue..

The apache apache2 slot mess is really not SLOT's fault, it's
something different altogether, we have plenty of apps that
have been happily slotted for a very long time (db, gtk, et al)

Joshua Brindle

>>> Ned Ludd <solar@g.o> 06/09/03 01:14PM >>>
I would like to thank frogger for taking the time to put together
hardened-sources-r3 for us (good work frogger)

-r3 introduces the grsecurity-2.0-pre4-2.4.20.patch which has
some very cool/needed new features for us grsecurity users such as role
based access control, variable support within acls including unions,
intersections, differences of sets, and a learning device, daemon as
well as nested subjects. All these features plus what it already had
should make grsecurity2 the most well-rounded complete host based
security solution available for Linux to date.

These new features should be transparent to our users not using the
access control list features of grsecurity, however for those that
will be using them we have a few things to consider.

First grsecurity 2 has not been officially released yet, and no
documentation exists for these features of grsecurity2 outside of the
grsec mailing list itself.

Second item is gradm itself,
<=gradm-2 installs to /sbin/gradm and reads /etc/grsec/acl
>gradm-2 also installs to /sbin/gradm and also reads /etc/grsec/acl
But they don't play together well at all, and if we were to park gradm2,
which is really gradm, in sys-apps/gradm it would always get preferred
over gradm-1.9.x when ~arch is set. This would affect users using
gentoo-sources. I don't want to introduce another apache{1,2} SLOT type
of mess.

My simple solution would be to park gradm 2 in sys-apps/gradm2, install
gradm 2 as /sbin/gradm2 with /etc/grsec2/acl and leave it this way
until grsecurity1 becomes deprecated. This would allow people to have
both systems installed without any conflict. (Any comments before it
gets set in stone?)

--
Ned Ludd <solar@g.o>
Gentoo Linux (Hardened)

--
gentoo-hardened@g.o mailing list