Kmail offline

Dmitriy Kropivnitskiy nigde at mitechki.net
Fri Jan 26 18:33:50 UTC 2007 

Gene Heskett wrote:
> And you obviously don't see the data security inherent in being able to 
> take a copy of that backup to any machine in the world and recover it to 
> localhost.  The real amanda will recover only to the FQDN of the machine 
> that backup was made on.  Its compiled in becomes part of the backups 
> preamble.

This seems to me more of a usability problem then a security feature. If I steal
the backup and need to restore it, I can set my local name resolution to resolve
to anything I want and restore it that way. On the other hand if my naming
convention changes or my domain name changes or I just need to restore some part
of the backup to a different location for whatever legitimate reason, I would
need to go through the cracker hoops to circumvent this so called "security"
feature.

> The real amanda's working pieces, like amdump, run only as an unprivileged 
> user.  The last time I looked at an rpm install, root could run it, all 
> of it.  Now admittedly that's been 3 or 4 years ago & maybe its been 
> fixed in more recently available rpms.

I am talking about FC6. I am not talking "3 or 4 years ago". 4 years ago there
was no Fedora Linux for gods sake and I don't think ANY distributions (with the
exception of maybe NSA Secure Linux which was proof of concept that nobody ever
used) used selinux.

> Yes they do, and I spent an hour last night staring at the restorecon (and 
> friends) pages without getting anything out of it as to how I was 
> supposed to convert a bunch of fonts installed in the /root/.fonts dir, 

Why are you trying to use fonts in /root/.fonts? Are you running your GUI
sessions as root? As it has ben said a lot of times YOU SHOULD NOT DO THAT AND
SELINUX IS ABSOLUTELY CORRECT IN NOT ALLOWING YOU TO.

> and change their 'ls --scontext' from root_t to system_t.  
man chcon

> I don't think 
> that's going to effect the errors when running fc-cache, but it was worth 
> a try.  I did delete a couple of 0 length font.cache and font.dir files 
> that don't exist on my FC5 lappy, but that made no difference to the 

Get yourself a recent version of Fedora. The current is FC6.

> Amazingly, printing, which was 
> disabled by an error in findfonts for the last 2 days, has now begun to 
> work again.

And this relates to the selinux in what manner?

> straceing fc-cache fails to disclose what 'cache' file it failed to write, 
Yes it does. Look for failed open() stat() or write() calls.

> That was unsuccessful 4 years ago, after I had bought a cheap seimans 
Why are you discussing 4 years ago? Are you living in the past? Do you think
therapy would help?

More information about the fedora-list mailing list