Roman Drahtmueller wrote:
is SuSE currently supporting NSA SELinux kernel module or does someone work with it? Negative. You need the LSM patch in the kernel for that. I see what I can do to have that one included in the future. :( From the NSA homepage I can download even a prepatched kernel. Patching and Compiling the kernel is not the problem...
I'd like to know if there is a port to SuSE because the included tools were written under Redhat in the original SELinux release. The fact that the stuff is developed under Redhat does not mean that it doesn't build on a SuSE. In the contrary: It is more likely to build on a SuSE (if the code is clean) for reasons that I don't want to discuss here in detail (version numbers etc). ... the tools have problems compiling on a default suse install. It is possible, but it's no real fun I admitt.
I think it would be a nice feature for future distributions, if SuSE could look at SELinux and make adjustments so that it can compile with a simple make - make install. LIDS and RSBAC don't have these problems as they don't mess with other packages (util-linux, ssh, crond, ...). Would be really nice if you could ... ;) Mark