Hello,

On 09/19/2011 07:54 PM, Christian Boltz wrote:
Hello,
on Monday, 19 September 2011, Peter Czanik wrote:
On 09/15/2011 10:47 PM, Christian Boltz wrote:
I did not enable capabilities support in the syslog-ng package, as it was enforced by AppArmor anyway. But I have to reconsider it, if AppArmor is not installed by default...
Even with AppArmor installed, making your package more secure is always a good idea.
Or you just add a Requires: apparmor-profiles apparmor-utils ;-)
I tried it now and added --with-capabilities to configure, and BuildRequires: libcap-devel
But starting syslog-ng now fails with:
linux-0a57:~ # syslog-ng -v
syslog-ng: Error parsing capabilities: cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner=p cap_syslog=ep
I was told that this is a sign of a too old capabilities package... cap_syslog was added around 2.6.38
Nice :-/ but not my area of responsibility ;-)
Please direct update requests for libcap to
# om libcap # [1]
bugowner of Base:System/libcap : tiwai@suse.com
Please update libcap to at least 2.20 (factory has 2.19) as that is the first version knowing about CAP_SYSLOG according to http://sites.google.com/site/fullycapable/release-notes-for-libcap
Or just to get this line in the syslog-ng.spec checked in: Requires: apparmor-profiles apparmor-utils ;-)
Well, I'd love to, but syslog-ng is probably not the right package to pull it in. Do you have a pointer why it is not installed by default any more? I did a quick search of the archives, but could not find it. Personally I think it was one of the best features of openSUSE. Unlike SELinux, it does not require a PhD in computer security to get it working...

Bye,
CzP
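
A check for the failure discussed in this thread, added here as an example (not code from syslog-ng, libcap or the posters): it parses the capability string from the error message in the clause format documented in cap_from_text(3) and reports which names a given name table lacks. OLD_LIBCAP_NAMES is an assumption standing in for a libcap older than 2.20, and parse_caps and unknown_names are names made up for this example.

```python
import re

# Capability string copied from the error message quoted in the thread.
SYSLOG_NG_CAPS = ("cap_net_bind_service,cap_net_broadcast,cap_net_raw,"
                  "cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner=p "
                  "cap_syslog=ep")

# Assumption: stand-in for the name table of a libcap older than 2.20.
# Only names from the message are listed; cap_syslog is left out on purpose.
OLD_LIBCAP_NAMES = {"cap_net_bind_service", "cap_net_broadcast", "cap_net_raw",
                    "cap_dac_read_search", "cap_dac_override", "cap_chown",
                    "cap_fowner"}

# One clause of the cap_from_text(3) format: an optional comma-separated name
# list, then one or more operator/flag groups such as "=p", "+ep" or "-i".
CLAUSE = re.compile(r"^([A-Za-z0-9_,]*)((?:[=+-][eip]*)+)$")


def parse_caps(text):
    """Return [(names, actions)] for each whitespace-separated clause."""
    clauses = []
    for raw in text.split():
        m = CLAUSE.match(raw)
        if not m:
            raise ValueError("malformed clause: %r" % raw)
        # Capability names are matched case-insensitively.
        names = [n.lower() for n in m.group(1).split(",") if n]
        clauses.append((names, m.group(2)))
    return clauses


def unknown_names(text, known):
    """Return (name, actions) for every name missing from the name table."""
    return [(n, actions) for names, actions in parse_caps(text)
            for n in names if n != "all" and n not in known]


if __name__ == "__main__":
    # One unknown name is enough for the whole string to be rejected.
    for name, actions in unknown_names(SYSLOG_NG_CAPS, OLD_LIBCAP_NAMES):
        print("not known to this name table: %s (requested %s)" % (name, actions))
```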