From: ng0
Subject: Re: Shadow -> 4.4
Date: Sat, 11 Feb 2017 19:48:07 +0000
Message-ID: <20170211194807.wxxsq4z3jqyrsv5t@wasp>
To: Leo Famulari
Cc: guix-devel@gnu.org

On 17-02-11 13:47:23, Leo Famulari wrote:
> On Fri, Jan 20, 2017 at 11:02:05AM +0000, ng0 wrote:
> > Leo Famulari writes:
> >
> > > On Thu, Jan 19, 2017 at 08:06:34PM +0000, contact.ng0@cryptolab.net wrote:
> > >> Question: I don't prefer to crash and burn systems, which test is
> > >> enough to show that it works? Reconfiguring one of my own systems?
> > >
> > > Yes. If it breaks your system, you can always reboot into an earlier
> > > system generation. Another option is to use a VM. I tested both cases,
> > > and it works for me.
> > >
> > > Would anyone else like to test it?
> >
> > I have just reconfigured my system and I can login, and use
> > sudo. More testing wasn't done.
>
> I just pushed the patches, after adding a link to the source of the
> snprintf patch. Thanks!
>
> By the way, why don't we build 'shadow' with SELinux support?

Are there any reasons _against_ configuring 'shadow' with SELinux support?

> > I know everyone is busy, but I think we really should get that
> > hardening plan going - or at least come up with a plan on what we
> > want now and who's interested/will be involved, etc.
>
> I agree that we should get moving on this. The project is waiting for
> some person or group to start working on it. I'm sure we'd all like to
> see progress but many of us are at the limit of how much work we can do.

I need to clean up a bit, but I have decided to dedicate some portion of
my time to connecting bits and pieces in this area. I made it to part of
my roadmap of the GuixSD blend I create, at least some parts of
hardening. One person is working on finishing SELinux afaik, I just
decided to stick to the libcs. But as you wrote, time is limited.

--
ng0 -- https://www.inventati.org/patternsinthechaos/