[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] [Fwd: Fwd: Re: SELinux]



--- Begin Message ---
Stupid suse-security won't let me post via gmane, so I send this reply
directly to you. If you want you can forward the following mail to the
suse-security list so others see it.

Thomas

,--------------- Forwarded Mail

 Subject: Re: SELinux
 From: Thomas Bleher <bleher@xxxxxxxxxxxxxxxxxxxxxxxxxx>
 Date: Mon, 20 Sep 2004 10:18:49 +0200
 Newsgroup: gmane.linux.suse.security

 Jophn Deo wrote:
 > I would like to know if SuSE has plans to integrate SELinux in YAST.For
 > example with the other security setting ,easy local . ....paranoid local.
 > Would be revolutionair if SuSE had a GUI interface in YAST to SELinux.
 > 
 > Dreams are deceptive. My question is: Are there specific SuSE SELinux
 > howto's or other documents regarding SELinux on SuSE 9.1 ?
 > 
 > 1)Do i have to recompile the kernel
 > 2)Is SELinux policy implementing ready on SuSE 9.1 ?
 > 3)Are there SuSE 9.1 policy examples?
 
 As Richie already noted, I have done some work for SELinux on SuSE 9.0. I
 have no 9.1 box here so I can't really say how well those packages work
 there but a few people have reported success.
 As for the state of SELinux in vanilla Suse, see my posting[0] to the
 SELinux-ML. I don't know if the packages have been updated since then.
 
 Policy: You might want to start with the policy from my site[1].
 It might not fit perfectly with 9.1 and is still a work in progress but
 policy for most daemons should be there. Put your policy sources
 under /etc/selinux/strict/policy/src/ . Create a file /etc/selinux/config
 with the two lines
  SELINUXTYPE=strict
  SELINUX=enforcing
 (or permissive or disabled)
 
 A few other people are currently working on 9.1 support[2]. See the
 following discussion on the mailing list. You might want to contact them if
 you want to do serious SELinux work so you can coordinate.
 
 HTH,
 Thomas
 
 
 [0]: http://marc.theaimsgroup.com/?l=selinux&m=108467138506413&w=2
 [1]: 
http://www.cip.ifi.lmu.de/~bleher/cgi-bin/archzoom.cgi/tbleher%40gmx.de--selinux/policy--suse--0
 [2]: http://marc.theaimsgroup.com/?l=selinux&m=109444302411576&w=2




--- End Message ---
-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here