[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fwd: Re: UNS: RE: UNS: RE: [Dazuko-devel] capability as a module on fc8

From: jim burns
Subject: Fwd: Re: UNS: RE: UNS: RE: [Dazuko-devel] capability as a module on fc8
Date: Mon, 10 Mar 2008 21:48:40 -0400
User-agent: KMail/1.9.9

----------  Forwarded Message  ----------

Subject: Re: UNS: RE: UNS: RE: [Dazuko-devel] capability as a module on fc8
Date: Monday 10 March 2008
From: jim burns <address@hidden>
To: "Tikka, Sami" <address@hidden>

On Monday 10 March 2008 04:10:27 am you wrote:
> I'll have to check if we have already fixed that. The version of dazuko we
> ship in our Linux Security product (currently in beta) is able to figure
> out the syscall table readonly issues without the user needing to configure
> dazuko differently.
> If you want to try it yourself, you can download Linux Security
> (http://www.f-secure.com/linux-weblog/2008/01/08/linux-security-700-beta-3/
>) and install it. Please tell me if it works for you.

I'm more interested in 'pure' dazuko, and the new directions John is taking it 
in, like stackable file systems. I'll check this out later to see what else 
it offers.

> What was the Linux distro and version where you tried it?

Fedora 8. Been a problem since fc6.

My SuSE system works with out a hitch, because capability is stackable on 
SuSE, unlike Fedora's commoncap/capability combo. The default configuration 
for openSuSE 10.3 doesn't even load capability. (I don't know how things like 
Avahi drop root privileges without it, but they do.)

> -- Sami
> P.S. Yes, I know it is a bad thing F-Secure uses its own version of dazuko.
> We will try to contribute our fixes back to John Ogness.
> P.P.S. The installation package contains the official dazuko 2.3.4 and a
> patch with all F-Secure's changes.

I'm anxiously awaiting John folding those changes back in, altho I understand 
if he is tired of patching a dinosaur - hence the stackable file system 
direction. :-)

Ps,  Hmm - From the Known Problems section of your release notes:

51858 Scanning NFS client accesses on server side is not possible.
          As a workaround, please configure a scheduled scan for
          the exported directories.

This is a big problem, as my Fedora system exports '/'. Is this your 
limitation, or dazuko's?

Not that I haven't thought of another AV alternative to antivir/dazuko, when I 
first read that LSM is going away.

Thanx for the response.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]