[ubuntu-hardened] SmackConfiguration wiki page
Kees Cook
kees at ubuntu.com
Fri Jul 18 12:55:50 BST 2008
Hi,
On Thu, Jul 17, 2008 at 11:24:23PM -0700, Casey Schaufler wrote:
> I am very sorry that I flaked out on today's meeting. Between
> getting ready for OLS and a new job it just fell out of my
> brain.
No problem, I need to do a better job of "advertising" it to nudge
people's memory. :)
>> Beyond that, I see two things that need to be fixed:
>> 1) Smack needs to be enabled in the kernel
>> 2) smack-utils needs to be packaged for Ubuntu (and/or Debian)
>>
>> I've already asked Tim Gardner (kernel team) to turn on the config for Smack,
>> so that should show up in the next Intrepid kernel.
>
> Just a heads up, you can't have both SELinux and Smack at the same time.
> The initialization logic will enable whichever gets loaded first (it will
> be SELinux, BTW) and refuse the second.
Any number of LSM can be compiled into the kernel (presently we have
both SELinux and AppArmor). In Ubuntu, AppArmor is selected by default.
If you look at the grub/debconf handling in the "selinux" Ubuntu
package, you can see how to select a different LSM by default.
>> Is anyone interested in doing some from-scratch packaging of
>> smack-utils?
>
> I'll buy anyone who does this as many beers (or coffees) as they
> can drink in a day.
Heheh. It might make sense to check in on #ubuntu-motu or the
ubuntu-motu mailing list to see if there are any people looking for some
packaging experience.
Thanks,
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the ubuntu-hardened
mailing list