Lorenzo Hernandez Garcia-Hierro lorenzohgh at gmail.com
Tue Nov 1 14:02:20 CST 2005


El mar, 01-11-2005 a las 15:50 -0400, jeff.schroeder2 at us.army.mil
escribió:
> >> At least, we can still work on the policy and avoid 
> >> wasting time ;). cap_over from upstream works fine
> >> on kernels up to 2.6.14 (mainline tested)
> Is cap_over policy enforcement enabled by default in 
> the most recent cvs? I know it is not in the previous
> cvs release I have laying around /home and if not,
> could you commit it?

I'm going to work on the enforcement code soon. By now, and until we fix
the freeze bug, CVS shouldn't receive any commits.

> 
> >> Policy work involves researching on the default
> >> setuid binaries in dapper and breezy, and creating
> >> policies for each one of them. You just need the
> >> policy loader and cap_over LSM.
> cap_over is merged with vSecurity, but you need the
> cap_over LSM? Forgive my ignorance, but that sounds
> like I need to compile && modprobe cap_over. I am
> guessing this is incorrect, but I would like to clear
> things up first.

No, we need the cap_over LSM until we fix vSecurity's freeze bug. Using
cap_over LSM makes possible to work on the policy without getting stuck
while we work on fixing vsec.

Cheers,
-- 
Lorenzo Hernández García-Hierro <lorenzo at gnu.org> 
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada
	digitalmente
Url : http://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20051101/e334c1f9/attachment.pgp


More information about the ubuntu-hardened mailing list