[redhat-lspp] LSPP kickstart config v0.43 released

Klaus Weidner klaus at atsec.com
Thu Apr 19 13:51:12 UTC 2007 

Hello all,

some bugfixes, enhancements to the RBAC self test, and new package
versions. This version should get rid of the ".rpmnew" files created when
upgrading packages in the postinst section which appeared to be specific
to the biarch platforms.

Changes in 0.43:

commit c70a61017fd885f52fd00d01852cbee19a456596
Author: Klaus Weidner <kw at io2.(none)>
Date:   Thu Apr 19 08:46:50 2007 -0500

    packages: bump selinux-policy to -60

commit 271bb1105cd591290fda55c78023e02848546f59
Author: George Wilson <gcwilson at us.ibm.com>
Date:   Wed Apr 18 19:16:55 2007 -0500

    packages: bump aide version to .9

commit 6e56aec870463ad85a724e35f66956e57e919708
Author: Klaus Weidner <kw at io2.(none)>
Date:   Wed Apr 18 09:48:19 2007 -0500

    post-inst: use "rpm --replacefiles" to prevent creating .rpmnew files

commit cc2fcb58aa6d6a276d811116b05d1119c41ff7ca
Author: George Wilson <gcwilson at us.ibm.com>
Date:   Tue Apr 17 13:00:27 2007 -0500

    rbac-self-test: use internal runcon, update policy
    
    Changed rbac-self-test to use self.runcon() rather than os.spawnv()
    in order to run aide at SystemHigh.  This means that rbac-self-test
    can now be run at SystemLow.  Also moved the aide --check to beneath
    the other checks.
    
    Updated policy to get add additional aide db TE permissions and to
    get rid of newrole permissions.  I still need to do more work to
    minimize the policy.

commit f149bef4b133a62a4f39bdc1211af579de28611a
Author: George Wilson <gcwilson at us.ibm.com>
Date:   Mon Apr 16 00:55:14 2007 -0500

    rbac-self-test: allow rbacselftest_t aide_db_t:file { create rename };

Please get the packages the script requests in the postinstall phase from
the http://people.redhat.com/sgrubb/files/lspp/ repository.

Workarounds:

If the script requires a package that has been replaced by a newer one in
the repository, you can do a quick&dirty workaround instead of starting
over - put the newer .rpm file in /root/rpms/ and rename it to the
expected old name in a "!" escape. If you need to do that, please let me
know what the new version is (preferably as a patch to the
lspp-config/kickstart/src/rpms.lst file, which is the source for the list
in the individual kickstart files).

RPM download:

   http://klaus.vh.swiftco.net/lspp/SRPMS/
   http://klaus.vh.swiftco.net/lspp/RPMS/noarch/

Git repository:

   http://klaus.vh.swiftco.net/lspp/git/

-Klaus

More information about the redhat-lspp mailing list