Lorenzo Hernandez Garcia-Hierro
lorenzohgh at gmail.com
Tue Nov 1 14:02:20 CST 2005
El mar, 01-11-2005 a las 15:50 -0400, jeff.schroeder2 at us.army.mil
> >> At least, we can still work on the policy and avoid
> >> wasting time ;). cap_over from upstream works fine
> >> on kernels up to 2.6.14 (mainline tested)
> Is cap_over policy enforcement enabled by default in
> the most recent cvs? I know it is not in the previous
> cvs release I have laying around /home and if not,
> could you commit it?
I'm going to work on the enforcement code soon. By now, and until we fix
the freeze bug, CVS shouldn't receive any commits.
> >> Policy work involves researching on the default
> >> setuid binaries in dapper and breezy, and creating
> >> policies for each one of them. You just need the
> >> policy loader and cap_over LSM.
> cap_over is merged with vSecurity, but you need the
> cap_over LSM? Forgive my ignorance, but that sounds
> like I need to compile && modprobe cap_over. I am
> guessing this is incorrect, but I would like to clear
> things up first.
No, we need the cap_over LSM until we fix vSecurity's freeze bug. Using
cap_over LSM makes possible to work on the policy without getting stuck
while we work on fixing vsec.
Lorenzo Hernández García-Hierro <lorenzo at gnu.org>
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada
Url : http://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20051101/e334c1f9/attachment.pgp
More information about the ubuntu-hardened