ubuntu-hardened July 2008 archive
Main Archive Page > Month Archives  > ubuntu-hardened archives
ubuntu-hardened: Re: [ubuntu-hardened] SmackConfiguration wiki

Re: [ubuntu-hardened] SmackConfiguration wiki page

From: Kees Cook <kees_at_nospam>
Date: Fri Jul 18 2008 - 11:55:50 GMT
To: Casey Schaufler <casey@schaufler-ca.com>


On Thu, Jul 17, 2008 at 11:24:23PM -0700, Casey Schaufler wrote:
> I am very sorry that I flaked out on today's meeting. Between
> getting ready for OLS and a new job it just fell out of my
> brain.

No problem, I need to do a better job of "advertising" it to nudge people's memory. :)

>> Beyond that, I see two things that need to be fixed:
>> 1) Smack needs to be enabled in the kernel
>> 2) smack-utils needs to be packaged for Ubuntu (and/or Debian)
>> I've already asked Tim Gardner (kernel team) to turn on the config for Smack,
>> so that should show up in the next Intrepid kernel.
> Just a heads up, you can't have both SELinux and Smack at the same time.
> The initialization logic will enable whichever gets loaded first (it will
> be SELinux, BTW) and refuse the second.

Any number of LSM can be compiled into the kernel (presently we have both SELinux and AppArmor). In Ubuntu, AppArmor is selected by default. If you look at the grub/debconf handling in the "selinux" Ubuntu package, you can see how to select a different LSM by default.

>> Is anyone interested in doing some from-scratch packaging of
>> smack-utils?
> I'll buy anyone who does this as many beers (or coffees) as they
> can drink in a day.

Heheh. It might make sense to check in on #ubuntu-motu or the ubuntu-motu mailing list to see if there are any people looking for some packaging experience.


-Kees -- Kees Cook Ubuntu Security Team -- ubuntu-hardened mailing list ubuntu-hardened@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened