[Apparmor-general] problem with profiling sshd under OpenSuSE 10.2

Steve Beattie sbeattie at suse.de
Tue Feb 6 01:58:58 MST 2007


On Mon, Feb 05, 2007 at 02:32:56PM -0800, Seth Arnold wrote:
> On Sun, Feb 04, 2007 at 09:06:10PM -0800, Seth Arnold wrote:
> > (If that doesn't work, then you can try to use our packages provided on
> > the openSUSE build service; I'll look up the URLs for that tomorrow
> > morning when I'm on a less annoying connection. :)
> 
> http://software.opensuse.org/download/home:/steve-beattie/openSUSE-10.2/home:steve-beattie.repo
> 
> This provides 'factory'-ish packages rebuilt on older distributions; we
> have our apache module, the parser, libapparmor, pam_apparmor, docs,
> profiles, utilities, and the yast interface, all packaged here.

The apparmor packages in openSUSE's buildservice above come close to
tracking the head of our svn tree; it's not automated, but I do try to
push updates frequently. Eventually, I'm hoping to have the project move
to something like Security/AppArmor_svn (instead of home:/steve-beattie).

(I also think it'd be handy to have an apparmor KMP package for the
module, to ease testing new features and bugfixes.)

> You can _try_ kernels from the Kernel of the Day:
> ftp://ftp.suse.com/pub/projects/kernel/kotd/sle10-sp-i386/SLES10_SP1_BRANCH
> 
> (I -think- that only the SLE 10 SP1 beta kernels have the capabilities,
> but perhaps I've missed the checkin notice for our 10.3 kernel branch.)

Note that the kernel update is only needed to get correct _reporting_ of
the capability; if the parser is updated to support the new capabilities,
kernels+modules from 2.6.11ish will support _mediating_ the audit_write
and audit_control capabilities.

Most likely sshd desires the audit_write capability to write an
authentication audit record. audit_control should only be needed by
auditd, auditctl, and possibly other audit tools, if my reading of a
recent capabilities(7) manpage conforms to reality.

-- 
Steve Beattie
SUSE Labs, Novell Inc. 
<sbeattie at suse.de>
http://NxNW.org/~steve/
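
The capability point in the message above, as an added example that is not part of the original message or of AppArmor's own tooling: a small parser that pulls denied capability checks out of audit log lines, proposes the matching `capability` profile rules, and flags `audit_control` requested by anything other than the audit tools. The log lines are constructed and assume the key="value" AppArmor audit format of later kernels; `example-daemon` is a hypothetical profile name.

```python
import re
from collections import defaultdict

# Capability numbers from <linux/capability.h>, used when capname is absent.
CAP_NAMES = {29: "audit_write", 30: "audit_control"}
# Per the message above, audit_control is expected only for the audit tools.
AUDIT_TOOLS = {"auditd", "auditctl"}

# Constructed sample lines (assumed key="value" audit format, not real logs).
SAMPLE_LOG = """\
type=AVC msg=audit(1170752338.101:41): apparmor="DENIED" operation="capable" profile="/usr/sbin/sshd" pid=2211 comm="sshd" capability=29  capname="audit_write"
type=AVC msg=audit(1170752338.204:42): apparmor="DENIED" operation="open" profile="/usr/sbin/sshd" name="/etc/motd" pid=2211 comm="sshd" requested_mask="r" denied_mask="r"
type=AVC msg=audit(1170752339.310:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/example-daemon" pid=2300 comm="example-daemon" capability=30  capname="audit_control"
type=AVC msg=audit(1170752340.020:44): apparmor="DENIED" operation="capable" profile="/sbin/auditd" pid=1900 comm="auditd" capability=30
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_fields(line):
    """Split one audit line into a dict of key -> value (quotes removed)."""
    return {k: (q if q else bare) for k, q, bare in FIELD.findall(line)}

def capability_denials(log_text):
    """Return {profile: set of capability names} for denied capability checks."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED" or f.get("operation") != "capable":
            continue  # file access and other denials are not capability checks
        name = f.get("capname")
        if name is None and f.get("capability", "").isdigit():
            name = CAP_NAMES.get(int(f["capability"]), "cap_" + f["capability"])
        if name:
            denied[f.get("profile", "?")].add(name)
    return dict(denied)

def review(denied):
    """Suggest profile rules; flag audit_control outside the audit tools."""
    rules, flagged = {}, []
    for profile, caps in sorted(denied.items()):
        rules[profile] = ["capability %s," % c for c in sorted(caps)]
        if "audit_control" in caps and profile.rsplit("/", 1)[-1] not in AUDIT_TOOLS:
            flagged.append(profile)
    return rules, flagged

if __name__ == "__main__":
    rules, flagged = review(capability_denials(SAMPLE_LOG))
    for profile, lines in rules.items():
        print(profile, lines, "REVIEW" if profile in flagged else "")
```

A flagged profile is a prompt to check why that program wants `audit_control` before adding the rule, not a verdict that the request is wrong.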