sorry, oliver: in order to solicit an answer, an actual question has to be asked. no question was asked, therefore of course there was no fricking answer. so - what was the question?
On Thu, Mar 4, 2010 at 7:09 PM, Debian Bug Tracking System <ow...@bugs.debian.org> wrote: > This is an automatic notification regarding your Bug report > which was filed against the kdm package: > > #249784: kdm: Patch for SE/Linux 2.6 Security enhancements > > It has been closed by Olivier Vitrat <ovit.deb...@gmail.com>. > > Their explanation is attached below along with your original report. > If this explanation is unsatisfactory and you have not received a > better one in a separate message then please contact Olivier Vitrat > <ovit.deb...@gmail.com> by > replying to this email. > > > -- > 249784: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249784 > Debian Bug Tracking System > Contact ow...@bugs.debian.org with problems > > > ---------- Forwarded message ---------- > From: Olivier Vitrat <ovit.deb...@gmail.com> > To: 249784-d...@bugs.debian.org > Date: Thu, 4 Mar 2010 14:08:01 -0500 > Subject: Closing bug #249784 > No answer from submitter. Closing this bug report. > Olivier > > > > ---------- Forwarded message ---------- > From: Luke Kenneth Casson Leighton <l...@lkcl.net> > To: Debian Bug Tracking System <sub...@bugs.debian.org> > Date: Wed, 19 May 2004 07:52:07 +0000 > Subject: kdm: Patch for SE/Linux 2.6 Security enhancements > Package: kdm > Severity: wishlist > > > this is pretty much it, believe it or not. > of course configure --enable-selinux is required (in debian/rules). > > the debian package should have --enable-selinux ON by default. > > if you are considering _not_ applying this patch, then consider this: > a large number of packages have already accepted, upstream, the > selinux patches, including logrotate and gdm. > > therefore, libselinux, like libacl, is pretty much going to become > a part of the base linux install. > > also, the patch has ZERO effect on a system which has neither selinux > enabled at boot-time nor selinux compiled/modules _in_ the kernel. > > > --- client.c.old 2004-05-19 07:40:58.000000000 +0000 > +++ kdm/backend/client.c 2004-05-19 07:18:01.000000000 +0000 > @@ -44,6 +44,12 @@ > #include <sys/stat.h> > #include <pwd.h> > #include <grp.h> > + > +#ifdef WITH_SELINUX > +#include <selinux/get_context_list.h> > +#include <selinux/selinux.h> > +#endif > + > #ifdef SECURE_RPC > # include <rpc/rpc.h> > # include <rpc/key_prot.h> > @@ -1085,6 +1091,24 @@ > systemEnviron); > > /* > + * for Security Enhanced Linux, > + * set the default security context for this user. > + */ > +#ifdef WITH_SELINUX > + if (is_selinux_enabled()) > + { > + security_context_t scontext; > + if (get_default_context(name,NULL,&scontext)) > + LogError("Failed to get default security context for %s.", > name); > + Debug("setting security context to %s", scontext); > + if (setexeccon(scontext)) { > + freecon(scontext); > + LogError("Failed to set exec security context %s for %s.", > scontext, name); > + } > + freecon(scontext); > + } > +#endif > + /* > * for user-based authorization schemes, > * add the user to the server's allowed "hosts" list. > */ > --- configure.in.in.old 2004-05-19 07:43:37.000000000 +0000 > +++ configure.in.in 2004-05-19 07:18:15.000000000 +0000 > @@ -197,3 +197,23 @@ > #endif > ]) > > +AC_MSG_CHECKING(for SELinux support) > +AC_ARG_ENABLE(selinux, > + AC_HELP_STRING([--enable-selinux], [enable SELinux support]), > + [ > + AC_MSG_RESULT(yes) > + AC_CHECK_LIB(selinux, is_selinux_enabled, [SELINUX_LDFLAGS="-lselinux" > + AC_DEFINE_UNQUOTED(HAVE_SELINUX_LIB, 1, [Define if libselinux is > installed]) > + AC_DEFINE(WITH_SELINUX, 1, [Define if you want wdm to be > compiled with SELinux support]) > + SELINUX_CFLAGS="-DWITH_SELINUX -I/usr/include/selinux" > + ], > + [ > + AC_MSG_WARN([libselinux not found, compiling without SELinux > support]) > + ]) > + ], > + [ > + AC_MSG_RESULT(no) > + ]) > +AC_SUBST(SELINUX_LDFLAGS) > +AC_SUBST(SELINUX_CFLAGS) > + > --- Makefile.am.old 2004-05-19 07:46:07.000000000 +0000 > +++ kdm/backend/Makefile.am 2004-05-19 07:18:31.000000000 +0000 > @@ -8,6 +8,10 @@ > $(LIB_LIBS) $(KRB4_LIBS) $(KRB5_LIBS) $(LIBSOCKET) $(LIBRESOLV) \ > $(LIBUCB) $(LIBUTIL) > > +CPPFLAGS = $(CPPFLAGS) $(SELINUX_CFLAGS) > +CFLAGS = $(CFLAGS) $(SELINUX_CFLAGS) > +LDFLAGS = $(LDFLAGS) $(SELINUX_LDFLAGS) > + > bin_PROGRAMS = kdm > kdm_SOURCES = \ > access.c \ > -- System Information: > Debian Release: testing/unstable > Architecture: i386 > Kernel: Linux highfield 2.6.6-selinux1 #5 Tue May 18 16:33:29 GMT 2004 i686 > Locale: LANG=C, LC_CTYPE=C > > > > -- To UNSUBSCRIBE, email to debian-qt-kde-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/ced5f0f61003041155v71018246y18f9cf5396cc7...@mail.gmail.com
