How NSA access was built into Windows
Stephen Smalley
sds at tycho.nsa.gov
Thu Jan 18 17:57:40 UTC 2007
On Thu, 2007-01-18 at 12:44 -0500, Gene Heskett wrote:
> On Thursday 18 January 2007 10:13, Lyvim Xaphir wrote:
> >On Tue, 2007-01-16 at 01:55 -0500, Gene Heskett wrote:
> >> I believe you will have to build a generic kernel.org kernel,
> >> configured without that support, something I have underway right now,
> >> using 2.6.20-rc4. I was amazed at the number of options I found
> >> turned on that a proper 'make oldconfig' should absolutely never have
> >> turned on. My scripts take care of everything but grub.conf for a
> >> kernel install, so when its done all I should have to do is reboot
> >> since I'm already running 2.6.20-rc4. Several things I found may even
> >> account for the apparent slowness of later kernels. Things like 15
> >> seconds to launch firefox on an xp-2800 athlon with a gig of ram?
> >
> >When you get that kernel up and running, see if you can then do without
> >libselinux installed.
Not a good idea without rebuilding your userland without selinux
support. Even /sbin/init links against it (to load policy) and will die
without it.
> I'm not sure as I haven't tried to pull that yet. But without the stuff
> in the kernel, the logs are being filled by cron processes stuff, but the
> stuff, like amanda, seem to run normally.
>
> Lots of this sort of stuff:
>
> **Unmatched Entries**
> crond[1014]: pam_loginuid(crond:session): set_loginuid failed opening
> loginuid: 1 Time(s)
That isn't selinux - that is audit-related. Depends on
CONFIG_AUDITSYSCALL.
--
Stephen Smalley
National Security Agency
More information about the fedora-list
mailing list