[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[suse-security] [Fwd: Fwd: Re: SELinux]
--- Begin Message ---
Stupid suse-security won't let me post via gmane, so I send this reply
directly to you. If you want you can forward the following mail to the
suse-security list so others see it.
,--------------- Forwarded Mail
Subject: Re: SELinux
From: Thomas Bleher <bleher@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 20 Sep 2004 10:18:49 +0200
Jophn Deo wrote:
> I would like to know if SuSE has plans to integrate SELinux in YAST.For
> example with the other security setting ,easy local . ....paranoid local.
> Would be revolutionair if SuSE had a GUI interface in YAST to SELinux.
> Dreams are deceptive. My question is: Are there specific SuSE SELinux
> howto's or other documents regarding SELinux on SuSE 9.1 ?
> 1)Do i have to recompile the kernel
> 2)Is SELinux policy implementing ready on SuSE 9.1 ?
> 3)Are there SuSE 9.1 policy examples?
As Richie already noted, I have done some work for SELinux on SuSE 9.0. I
have no 9.1 box here so I can't really say how well those packages work
there but a few people have reported success.
As for the state of SELinux in vanilla Suse, see my posting to the
SELinux-ML. I don't know if the packages have been updated since then.
Policy: You might want to start with the policy from my site.
It might not fit perfectly with 9.1 and is still a work in progress but
policy for most daemons should be there. Put your policy sources
under /etc/selinux/strict/policy/src/ . Create a file /etc/selinux/config
with the two lines
(or permissive or disabled)
A few other people are currently working on 9.1 support. See the
following discussion on the mailing list. You might want to contact them if
you want to do serious SELinux work so you can coordinate.
--- End Message ---
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here