Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Gentoo Hardened (http://www.linux-archive.org/gentoo-hardened/)
-   -   Fwd: hardened gentoo mailman/postfix/apache notes? (http://www.linux-archive.org/gentoo-hardened/35107-fwd-hardened-gentoo-mailman-postfix-apache-notes.html)

Tobias Scherbaum 01-11-2008 07:38 PM

Fwd: hardened gentoo mailman/postfix/apache notes?
 
Hi Baojun,

late response though, but I came across the same problem just today and
found your post ;)

Wang, Baojun wrote:
> Now I think all the configuration is working but the permission have some
> problem, since I'm using gentoo hardened, I think the problems are because
> I'm using hardened gentoo, How can I solve this problem, and any hints?

When using TPE use the following Kernel-Options (you might want to
select another gid):

CONFIG_GRKERNSEC_TPE=y
# CONFIG_GRKERNSEC_TPE_ALL is not set
CONFIG_GRKERNSEC_TPE_INVERT=y
CONFIG_GRKERNSEC_TPE_GID=2000

after booting the fresh-built kernel create a new group "tpeexcl" with
gid 2000, add both mailman and apache users to the "tpeexcl" group,
mailman and its webinterface now should work.

hth,
Tobias

PS: I'd suggest deploying the -r2 (currently _not_ marked stable) which
uses "proper" paths (i.e. doesn't install to /usr/local plus separates
application binaries (/usr) from application data (/var)).
--
Gentoo Linux - Die Metadistribution
http://www.mitp.de/1769

--
gentoo-hardened@lists.gentoo.org mailing list


All times are GMT. The time now is 03:23 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.