Tuesday, May 4, 2010

SELinux and openSUSE 11.3 Milestone 6

I just installed milestone 6 to test our SELinux functionality... it works! :)

What little steps were solved?
- migration from sysvinit to upstart by adding load_policy to mkinitrd
- enhance yast2 bootloader to also enable pam-selinux and if "Enable SELinux" was chosen
- add additional checks to the selinux-ready script which is part of the selinux-tools package
- updated selinux packages by Pavol

TODO
- automatically enable restorecond and run fixfiles -F relabel etc.
- automatically run setsebool -P init_upstart=1
- a working policy ;-)

Enjoy!

kostenloser Counter

Posted by at
Labels:

2 comments:

Anonymous said...

Once you have a working policy, it should do the setsebool init_upstart=1 for you.

I'm working on it...

May 11, 2010 at 12:30 PM
Anonymous said...

Ok, here's a start at a selinux policy (src rpm) for openSuse 11.3 Milestone 6:

https://build.opensuse.org/package/show?package=selinux-policy-05042010-1.src.rpm&project=home%3Aalanrouse

You can boot to a desktop in enforcing mode (one AVC however). From that point almost everything that would be useful is prohibited.

Enjoy!

May 13, 2010 at 11:40 AM

Post a Comment

Subscribe to: Post Comments (Atom)