Hello, is SuSE currently supporting NSA SELinux kernel module or does someone work with it? I'd like to know if there is a port to SuSE because the included tools were written under Redhat in the original SELinux release. Thanks in advance, Mark
Hello,
is SuSE currently supporting NSA SELinux kernel module or does someone work with it?
Negative. You need the LSM patch in the kernel for that. I see what I can do to have that one included in the future.
I'd like to know if there is a port to SuSE because the included tools were written under Redhat in the original SELinux release.
The fact that the stuff is developed under Redhat does not mean that it doesn't build on a SuSE. In the contrary: It is more likely to build on a SuSE (if the code is clean) for reasons that I don't want to discuss here in detail (version numbers etc).
Thanks in advance, Mark
Thanks,
Roman.
--
- -
| Roman Drahtmüller
Roman Drahtmueller wrote:
is SuSE currently supporting NSA SELinux kernel module or does someone work with it? Negative. You need the LSM patch in the kernel for that. I see what I can do to have that one included in the future. :( From the NSA homepage I can download even a prepatched kernel. Patching and Compiling the kernel is not the problem...
I'd like to know if there is a port to SuSE because the included tools were written under Redhat in the original SELinux release. The fact that the stuff is developed under Redhat does not mean that it doesn't build on a SuSE. In the contrary: It is more likely to build on a SuSE (if the code is clean) for reasons that I don't want to discuss here in detail (version numbers etc). ... the tools have problems compiling on a default suse install. It is possible, but it's no real fun I admitt.
I think it would be a nice feature for future distributions, if SuSE could look at SELinux and make adjustments so that it can compile with a simple make - make install. LIDS and RSBAC don't have these problems as they don't mess with other packages (util-linux, ssh, crond, ...). Would be really nice if you could ... ;) Mark
On Wednesday 29 May 2002 01:18 pm, you wrote:
Negative. You need the LSM patch in the kernel for that. I see what I can do to have that one included in the future.
Yes, please do that. I am glad to see that someone else is also interested in this.
I think it would be a nice feature for future distributions, if SuSE could look at SELinux and make adjustments
And please attpemt to send the adjustments upstream to the SE Linux people...
so that it can compile with a simple make - make install.
Yes!
LIDS and RSBAC don't have these problems as they don't mess with other packages (util-linux, ssh, crond, ...).
Would be really nice if you could ... ;)
Indeed. I'm sure it's just another one of the half-a-million things on your to-do list, nonetheless, please add it to your to-do list :-) I will probably be attempting to make it work on 8.0 Pro in the near future, but since I am not much of a hacker I don't know how far I'll get with it. JW
* Mark Müller wrote on Wed, May 29, 2002 at 20:18 +0200:
I think it would be a nice feature for future distributions, if SuSE could look at SELinux and make adjustments so that it can compile with a simple make - make install. LIDS and RSBAC don't have these problems as they don't mess with other packages (util-linux, ssh, crond, ...).
Maybe SuSE looks forward to your contribution... If you install it now, you can create an RPM oder patch set. I do not know about LIDS and Co, but maybe they use autoconf and you just need some adaptions/extensions to configure.in; in this case I'm sure LIDS people will like your contribution. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
Roman Drahtmueller wrote:
Hello,
is SuSE currently supporting NSA SELinux kernel module or does someone work with it?
Negative. You need the LSM patch in the kernel for that. I see what I can do to have that one included in the future.
will be great, thanks Roman. andre
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 an >Roman Drahtmueller wrote: an >> Negative. You need the LSM patch in the kernel for that. I see what I can an >> do to have that one included in the future. Roman, Do you have any advise for those of us who are wanting to do this _now_, e.g. is there a SuSEified LSM patch alreday produced anywhere -- no matter if it is beta, alpha, or what -- it would help to know of any previous work in this matter. Thanks - -- - ---------------------------------------------------- Jonathan Wilson System Administrator Cedar Creek Software http://www.cedarcreeksoftware.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE89qSFQ5u80xXOLBcRAoE+AJ90fPkq6uLxeAF6POryF87fSLrfMgCfcSEC b25sehUIgn7erey3YIlZtAI= =6iwr -----END PGP SIGNATURE-----
JW wrote:
an >Roman Drahtmueller wrote: an >> Negative. You need the LSM patch in the kernel for that. I see what I can an >> do to have that one included in the future. Roman,
Do you have any advise for those of us who are wanting to do this _now_, e.g. is there a SuSEified LSM patch alreday produced anywhere -- no matter if it is beta, alpha, or what -- it would help to know of any previous work in this matter.
I don't know if there are problems with SuSE running a vanilla kernel patched with LSM. The system boots with it. As I said before, it's not the LSM patch giving me headaches, the tools which need to be built do. Either you modify SELinux files (e.g. disable PAM support in makefiles in order to compile) or you try to install missing header files, libraries etc. and leave SELinux stuff almost unchanged. I would like to know if there is a problem running a vanilla kernel not patched by SuSE?
participants (5)
-
andre -
JW -
Mark Müller -
Roman Drahtmueller -
Steffen Dettmer