Amanda Lynn Rossmiller
sleepynyago at mchsi.com
Sat Jan 10 13:18:12 PST 2004
> An introduction.
probably don't need much - i think anyone who made it
to the main page probably has an idea what hlfs is about..
maybe include a bit about what design decisions were made and why
for the overall system, main differences from vanilla lfs, etc.
a bit about propolice, and if [SELinux|RSBAC] is implemented
a small overview of what it's for.
> Read only root filesystem on first boot.
sounds fun - what's it do?
> If I remember right glibc or gcc make install attempts to send mail to gnu
> after a successful build. This is a privacy problem and should be broken,
> if it actually works.
shouldn't take more than a small patch..
what does it try to invoke? mail/sendmail ?
> -Replace /bin/false and /bin/true.
> -Disable some suid stuff. mount and umount for sure.
> -If su is going to be used, sgid might be better.
what's the matter with su?
> -Move /usr/var/locatedb to /var so /usr could possibly be read only. Also if
> this database is owned by another user (bin) updatedb doesn't need to run
> as root.
isn't this default for lfs anyways?
i don't recall having a /usr/var on my current lfs.
should explain a bit the kernel config,
cryptoapi[loop], extensions to ext3, etc
should check into the default configs
and see how they do, might want to
make some new defaults...
if we're using SELinux we've got to add sections for building the tools
and i dunno, is any 2.4.x pre-patched for SELinux?
or do we need those too?