Below is a message I just posted to the debian Developers list about my
latest test packages (not uploaded to Debian and not official packages).
What is probably of more interest to you is the locations that I've put
header files in, here's what I'm currently installing:
/usr/include
/usr/include/linux
/usr/include/linux/flask
/usr/include/linux/flask/class_to_string.h
/usr/include/linux/flask/initial_sid_to_string.h
/usr/include/linux/flask/avc.h
/usr/include/linux/flask/avc_ss.h
/usr/include/linux/flask/av_perm_to_string.h
/usr/include/linux/flask/flask.h
/usr/include/linux/flask/security.h
/usr/include/linux/flask/psid.h
/usr/include/linux/flask/common_perm_to_string.h
/usr/include/linux/flask/syscalls.h
/usr/include/linux/flask/flask_types.h
/usr/include/linux/flask/av_permissions.h
/usr/include/linux/flask/av_inherit.h
/usr/include/selinux
/usr/include/selinux/ss.h
/usr/include/selinux/lsm.h
/usr/include/selinux/ipc_secure.h
/usr/include/selinux/proc_secure.h
/usr/include/selinux/context.h
/usr/include/selinux/get_sid_list.h
/usr/include/selinux/fs_secure.h
/usr/include/selinux/get_default_type.h
/usr/include/selinux/socket_secure.h
/usr/include/selinux/flask_util.h
/usr/include/selinux/get_user_sid.h
I would like some feedback from the authors of what they think about these locations. I will not put the include files in /usr/local, but I am open to suggestions of other ways of arranging them under /usr/include.
Also it would be conveniant for people who are develping distributions if there was a suggested location for header files that worked with the LSB directory scheme...
Subject: Re: SE Linux packages of login, sshd, tar, stat, findutils,
fileutils, and [xkg]dm
Date: Tue, 27 Nov 2001 20:44:23 +0100
From: Russell Coker <russell@coker.com.au>
To: Giacomo Catenazzi <cate@debian.org>, debian-devel@lists.debian.org
On Tue, 27 Nov 2001 17:41, Giacomo Catenazzi wrote:
> > PS I hope to have some test packages of SE-Linux enabled utilities on > > http://www.coker.com.au/selinux/ within 24 hours, and a complete set of > > SE-Linux Debian packages (apart from [xkg]dm) within a week. > > do you need some help?
Yes!
Firstly check out http://www.coker.com.au/selinux/ .
Please test compiling all the source first. First compile the kernel-patch package (it's a build depdendency for libselinux-dev which everything else build-depends on). After installing it build the libselinux-dev and then build the stat package.
Then of course you can't do anything without having a kernel to boot (which is easily done) and a login package to allow you to login (which I haven't packaged yet).
-- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Stephen Smalley <sds_at_tislabs.com>
On Tue, 27 Nov 2001, Russell Coker wrote:
> What is probably of more interest to you is the locations that I've put
> header files in, here's what I'm currently installing:
> /usr/include
Well, this will naturally break the build of all of the userland components of SELinux. Why do you need to change the installation directories from what we use?
> /usr/include/linux/flask
This change is probably harmless for building the userland components, since the same #include directives will still work (#include <linux/flask/foo.h>). But what about the <linux/asm-i386/unistd.h> and the <linux/asm-i386/flask/unistd.h> files? These are also needed for building the userland components.
> /usr/include/selinux
This change will require changes to the userland components of SELinux, and I'm not planning on making these changes to our distribution unless there is a real justification. What's wrong with /usr/local/selinux/include?
-- Stephen D. Smalley, NAI Labs ssmalley@nai.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Russell Coker <russell_at_coker.com.au>
On Wed, 28 Nov 2001 14:28, Stephen Smalley wrote:
> On Tue, 27 Nov 2001, Russell Coker wrote:
> > What is probably of more interest to you is the locations that I've put
> > header files in, here's what I'm currently installing:
> > /usr/include
>
> Well, this will naturally break the build of all of the userland
> components of SELinux. Why do you need to change the installation
> directories from what we use?
Because no package is allowed to put files in /usr/local !
> > /usr/include/linux/flask
>
> This change is probably harmless for building the userland components,
> since the same #include directives will still work (#include
> <linux/flask/foo.h>).
That's the plan.
> But what about the <linux/asm-i386/unistd.h>
> and the <linux/asm-i386/flask/unistd.h> files? These are also needed
> for building the userland components.
I'm not sure which is the best solution for that yet.
> > /usr/include/selinux
>
> This change will require changes to the userland components of SELinux,
> and I'm not planning on making these changes to our distribution unless
> there is a real justification. What's wrong with
> /usr/local/selinux/include?
It conflicts with the FHS. See section 4.5 and in particular 4.5.1:
This directory should always be empty after first installing a FHS-compliant system. No exceptions to this rule should be made other than the listed directory stubs.
So I could create a /usr/local/selinux directory which is empty if necessary, but I can not put any files in it!
You will have the same issue with getting SE-Linux into any other major distribution. Although Slackware would probably make an exception for it. Also Sun ships Solaris packages containing files in /usr/local so they would probably be happy to do so for their Qube and Raq machines too.
-- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Stephen Smalley <sds_at_tislabs.com>
On Thu, 29 Nov 2001, Russell Coker wrote:
> Because no package is allowed to put files in /usr/local !
Well, I suppose that this makes sense for packages that are intended to be installed as part of the base Debian system. But won't your SELinux packages be optional components to be installed after a base install? And if so, then is it really forbidden to use /usr/local?
-- Stephen D. Smalley, NAI Labs ssmalley@nai.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Russell Coker <russell_at_coker.com.au>
On Thu, 29 Nov 2001 14:27, Stephen Smalley wrote:
> On Thu, 29 Nov 2001, Russell Coker wrote:
> > Because no package is allowed to put files in /usr/local !
>
> Well, I suppose that this makes sense for packages that are intended to be
> installed as part of the base Debian system. But won't your SELinux
> packages be optional components to be installed after a base install? And
> if so, then is it really forbidden to use /usr/local?
It's forbidden for any Debian packages to put files there for any reason.
Whether a package is optional or required makes no difference.
-- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Stephen Smalley <sds_at_tislabs.com>
On Thu, 29 Nov 2001, Russell Coker wrote:
> It's forbidden for any Debian packages to put files there for any reason.
>
> Whether a package is optional or required makes no difference.
Well, maybe we can work toward making our /usr/local/selinux hierarchy and the builds for the userland SELinux components more easily relocatable. If you can contribute suggestions and patches to help with this task, that would be useful. Otherwise, I'm not sure when we'll get to it.
-- Stephen D. Smalley, NAI Labs ssmalley@nai.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Flood Randy Capt AFCA/TCAA <randy.flood_at_scott.af.mil>
This seems to be a flaw with the Debian distribution then. Doesn't the Linux filesystems standard (or whatever its called) specify that software should be installed there?
-----Original Message-----
From: Russell Coker [mailto:russell@coker.com.au]
Sent: Thursday, November 29, 2001 10:03 AM
To: Stephen Smalley
Cc: selinux@tycho.nsa.gov
Subject: Re: Fwd: Re: SE Linux packages of login, sshd, tar, stat,
findutils, fileutils, and [xkg]dm
On Thu, 29 Nov 2001 14:27, Stephen Smalley wrote:
> On Thu, 29 Nov 2001, Russell Coker wrote:
> > Because no package is allowed to put files in /usr/local !
>
> Well, I suppose that this makes sense for packages that are intended
to be
> installed as part of the base Debian system. But won't your SELinux
> packages be optional components to be installed after a base install?
And
> if so, then is it really forbidden to use /usr/local?
It's forbidden for any Debian packages to put files there for any reason.
Whether a package is optional or required makes no difference.
-- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Jose Nazario <jose_at_biocserver.bioc.cwru.edu>
On Thu, 29 Nov 2001, Flood Randy Capt AFCA/TCAA wrote:
> This seems to be a flaw with the Debian distribution then. Doesn't
> the Linux filesystems standard (or whatever its called) specify that
> software should be installed there?
http://www.pathname.com/fhs/2.0/fhs-toc.html
for /usr/local:
http://www.pathname.com/fhs/2.0/fhs-4.6.html
the openbsd hier page is at
http://www.openbsd.org/cgi-bin/man.cgi?query=hier&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
(not that it matters much, this *is* linux and not BSD)
it would seem to come down to "is selinux the base system or an add on?" the distribution model of selinux would indicate that it's an add on, as its not a full fledged distribution.
<opinion>
#include "disclaimer.h"
if debian wants it someplace else, have locally available patches. please don't attempt to apply such standards to everyone else. thank you. it is, after all, why you're a different distro.
$ cat disclaimer.h
#ifndef FLAMESUIT #define FLAMESUIT 1 #endif
i am in no way connected to the SELinux team. i just use it and have a longstanding interest in both filesystem hierarchies, the UNIX model (and Linux deviances from it), and trusted OSes. i am speaking only for myself.
/* EOF */ </opinion>
jose nazario jose@cwru.edu PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu)
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Achim D. Brucker <brucker_at_informatik.uni-freiburg.de>
On Thu, Nov 29, 2001 at 11:08:00AM -0600, Flood Randy Capt AFCA/TCAA wrote:
>
> This seems to be a flaw with the Debian distribution then. Doesn't the
> Linux filesystems standard (or whatever its called) specify that
> software should be installed there?
No it is not a flaw ;-).
The main argument/idea is, that the directories
/usr/local and /opt are 100% controlled by the local policy, therefore no
package controlled through the packet manager is allowed to put files in
there. The main advante for the system administrator is, that is can do
whatever he wants below /usr/local without the risk of breaking the
packet manager. Personally I like this very much and it perfectly conforms
to the Linux file system standard.
When I remember correctly, the packages officially distributed by Suse or
Redhat do not write files into /usr/local. Surely there are rpms (and even
debs) floating around the net, which install files below /usr/local, but they
are not distributed as official parts of any the distribution (I assume this
for Redhat/Mandrake/Suse and it is a strict policy for Debian). When SE-Linux
is included in Debian (which I wish), it has to play the game of the Debian
Guidelines because it would be an official part of the distribution.
Best wishes
Achim
-- Achim D. Brucker, brucker@informatik.uni-freiburg.de http://www.informatik.uni-freiburg.de/~brucker pgp-key on request: send mail with subject: public-key Those who do not understand Unix are condemned to reinvent it, poorly. -- Henry Spencer -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Russell Coker <russell_at_coker.com.au>
On Thu, 29 Nov 2001 18:08, Flood Randy Capt AFCA/TCAA wrote:
> This seems to be a flaw with the Debian distribution then. Doesn't the
> Linux filesystems standard (or whatever its called) specify that
> software should be installed there?
Please read the specs. Software installed by "make install" or equivalent belongs in /usr/local, software installed in packages as part of the OS belongs elsewhere.
My aim is to produce packages ot SE-Linux for Debian not to write a wrapper around "make install" (if the latter was my aim I'd have completed it long ago and moved on to other projects).
On Thu, 29 Nov 2001 19:04, Jose Nazario wrote:
> it would seem to come down to "is selinux the base system or an add on?"
> the distribution model of selinux would indicate that it's an add on, as
> its not a full fledged distribution.
It's an add on if it's installed by "make install". It's part of the base system if it's installed by dpkg or dselect.
If we use your logic then almost everything is an add-on and everything will be in /usr/local...
> <opinion>
> #include "disclaimer.h"
>
> if debian wants it someplace else, have locally available patches. please
> don't attempt to apply such standards to everyone else. thank you. it is,
> after all, why you're a different distro.
Yes, Debian is the distribution that most closely follows standards such as the FHS (FSSTD) and the LSB. Anyone who wants to write software that is incompatible with such standards is free to do so. It'll limit acceptance of their software.
Then of course if we can't get agreement between all the distributions (Debian, Red Hat, SUSE, etc) on how to change such software to make it comply to relevant standards then everyone will suffer.
On Thu, 29 Nov 2001 20:48, Achim D. Brucker wrote:
> No it is not a flaw ;-).
> The main argument/idea is, that the directories
> /usr/local and /opt are 100% controlled by the local policy, therefore no
Absolutely!
> package controlled through the packet manager is allowed to put files in
> there. The main advante for the system administrator is, that is can do
> whatever he wants below /usr/local without the risk of breaking the
> packet manager.
I think that the risk of the package manager breaking what the administrator does is just as great. Sometimes I want to have two copies of the same program installed, a package and a custom version in /usr/local.
> Personally I like this very much and it perfectly conforms
> to the Linux file system standard.
Also conforms to common practise over the last 10+ years.
> When I remember correctly, the packages officially distributed by Suse or
> Redhat do not write files into /usr/local. Surely there are rpms (and even
> debs) floating around the net, which install files below /usr/local, but
> they are not distributed as official parts of any the distribution (I
> assume this for Redhat/Mandrake/Suse and it is a strict policy for Debian).
Yes. Sun is the only vendor I've come across that ships packages that mess with /usr/local. They seem to think that a Sun package of bash for Solaris 2.6 (distributed from a Sun web site) should install to /usr/local/bin while a package for Solaris 8.0 (distributed on the install CDs) should be in /bin. This sort of thing really sucks when you are trying to manage a network.
> When SE-Linux is included in Debian (which I wish), it has to play the
> game of the Debian Guidelines because it would be an official part of the
> distribution.
Absolutely!
-- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Tom <tom_at_lemuria.org>
On Fri, Nov 30, 2001 at 08:13:14PM +0100, Russell Coker wrote:
> Yes. Sun is the only vendor I've come across that ships packages that mess
> with /usr/local. They seem to think that a Sun package of bash for Solaris
> 2.6 (distributed from a Sun web site) should install to /usr/local/bin while
> a package for Solaris 8.0 (distributed on the install CDs) should be in /bin.
> This sort of thing really sucks when you are trying to manage a network.
OpenBSD also does this. bash is in /usr/local/bin even though it's not a port or a 3rd party piece, but an official package.
I agree on that not being good practice. I don't know that rationale for these, though.
-- http://web.lemuria.org/pubkey.html pub 1024D/D88D35A6 2001-11-14 Tom Vogt <tom@lemuria.org> Key fingerprint = 276B B7BB E4D8 FCCE DB8F F965 310B 811A D88D 35A6 -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Jesse Pollard <jesse_at_cats-chateau.net>
On Friday 30 November 2001 16:17, Tom wrote:
> On Fri, Nov 30, 2001 at 08:13:14PM +0100, Russell Coker wrote:
> > Yes. Sun is the only vendor I've come across that ships packages that
> > mess with /usr/local. They seem to think that a Sun package of bash for
> > Solaris 2.6 (distributed from a Sun web site) should install to
> > /usr/local/bin while a package for Solaris 8.0 (distributed on the
> > install CDs) should be in /bin. This sort of thing really sucks when you
> > are trying to manage a network.
>
> OpenBSD also does this. bash is in /usr/local/bin even though it's not
> a port or a 3rd party piece, but an official package.
>
> I agree on that not being good practice. I don't know that rationale
> for these, though.
I can give a rationale, but can't promise it as the real one...
These "packages" are NOT part of Solaris. They are "contributed" packages that may not be upgraded, may not be patched, nor are they required to even work.
The /bin and friends are part of Solaris. If they cause security problems, then Sun is obliged to provide patches/updates. Not so for /usr/local. If theres a problem, you remove or don't install them.
The stuff in /usr/local is not contractually maintained....
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Russell Coker <russell_at_coker.com.au>
On Sat, 1 Dec 2001 01:46, Jesse Pollard wrote:
> > > Yes. Sun is the only vendor I've come across that ships packages that
> > > mess with /usr/local. They seem to think that a Sun package of bash
> > > for Solaris 2.6 (distributed from a Sun web site) should install to
> > > /usr/local/bin while a package for Solaris 8.0 (distributed on the
> > > install CDs) should be in /bin. This sort of thing really sucks when
> > > you are trying to manage a network.
> >
> > OpenBSD also does this. bash is in /usr/local/bin even though it's not
> > a port or a 3rd party piece, but an official package.
> >
> > I agree on that not being good practice. I don't know that rationale
> > for these, though.
>
> I can give a rationale, but can't promise it as the real one...
>
> These "packages" are NOT part of Solaris. They are "contributed" packages
> that may not be upgraded, may not be patched, nor are they required to even
> work.
>
> The /bin and friends are part of Solaris. If they cause security problems,
> then Sun is obliged to provide patches/updates. Not so for /usr/local. If
> theres a problem, you remove or don't install them.
>
> The stuff in /usr/local is not contractually maintained....
When an important security related package such as syslogd has a bug that allows it to be killed by users (or remotely killed if listening to the network) it's still not serious enough for Sun to fix it. Solaris 2.6 syslogd has been known as buggy for years and Sun have announced plans to never fix it.
I'm sure that the contrib packages will get updated when there's an upstream fix for a security issue.
I can't see any difference between the packages for /bin and the packages for /usr/local/bin in this regard. If anything the ones in /usr/local/bin have better support I think.
-- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Jesse Pollard <jesse_at_cats-chateau.net>
On Saturday 01 December 2001 03:00, Russell Coker wrote:
> On Sat, 1 Dec 2001 01:46, Jesse Pollard wrote:
> > > > Yes. Sun is the only vendor I've come across that ships packages
> > > > that mess with /usr/local. They seem to think that a Sun package of
> > > > bash for Solaris 2.6 (distributed from a Sun web site) should install
> > > > to /usr/local/bin while a package for Solaris 8.0 (distributed on the
> > > > install CDs) should be in /bin. This sort of thing really sucks when
> > > > you are trying to manage a network.
> > >
> > > OpenBSD also does this. bash is in /usr/local/bin even though it's not
> > > a port or a 3rd party piece, but an official package.
> > >
> > > I agree on that not being good practice. I don't know that rationale
> > > for these, though.
> >
> > I can give a rationale, but can't promise it as the real one...
> >
> > These "packages" are NOT part of Solaris. They are "contributed" packages
> > that may not be upgraded, may not be patched, nor are they required to
> > even work.
> >
> > The /bin and friends are part of Solaris. If they cause security
> > problems, then Sun is obliged to provide patches/updates. Not so for
> > /usr/local. If theres a problem, you remove or don't install them.
> >
> > The stuff in /usr/local is not contractually maintained....
>
> When an important security related package such as syslogd has a bug that
> allows it to be killed by users (or remotely killed if listening to the
> network) it's still not serious enough for Sun to fix it. Solaris 2.6
> syslogd has been known as buggy for years and Sun have announced plans to
> never fix it.
>
> I'm sure that the contrib packages will get updated when there's an
> upstream fix for a security issue.
>
> I can't see any difference between the packages for /bin and the packages
> for /usr/local/bin in this regard. If anything the ones in /usr/local/bin
> have better support I think.
I don't believe sun is supporting 2.6 at all now. You will have to update the OS to get any fixes. Unless some volunteer at sun (or elsewere) updates the the "contributed" packages they won't be updated at all.
The difference is that Sun doesn't pay employees to work on packages for /usr/local. They do pay for the core distribution.
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Dale Amon <amon_at_vnl.com>
I'm sort of on hold until I figure out the best way
to work around this problem with libwrap not exising
in sid.
Rich: have you seen this? I'd rather match my solution to yours rather than go reinventing wheels.
In case you didn't read the earlier posting, in the selinux utils install ssh is looking for libwrap during a .configure and dying. sid dist has libwrap0 which I already have installed.
--
Nuke bin Laden: Dale Amon, CEO/MD
improve the global Islandone Society
gene pool. www.islandone.org
------------------------------------------------------
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
On Mon, 17 Dec 2001 17:48, Dale Amon wrote:
> I'm sort of on hold until I figure out the best way
> to work around this problem with libwrap not exising
> in sid.
It does exist though.
> In case you didn't read the earlier posting, in the
> selinux utils install ssh is looking for libwrap during
> a .configure and dying. sid dist has libwrap0 which
> I already have installed.
What about libwrap0-dev? libwrap0-dev is what you need to compile programs that use TCP wrappers.
-- http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/projects.html Projects I am working on http://www.coker.com.au/~russell/ My home page -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.
This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:54 EDT