SELinux Support in SuSE 9.2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, I am currently learning about SELinux. Do I just need to do the following to enable SELinux in SuSE 9.2 : - - change the entry in kernel option in grub/lilo config to "selinux=1" - - install libselinux Thank you very much - -- Tedi Heriyanto URL : www.tedi-h.com GPG fingerprint = C02C 7797 0EF0 5D25 798A 0A25 1DD3 6924 57C7 5D78 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB928WHdNpJFfHXXgRAmYUAKCKhNEJQWutpE1Hvveympo+4wcqXACgjctJ dDSpHpaifPDpO5/ygc6GkRY= =DcAn -----END PGP SIGNATURE-----
On Wed, Jan 26, 2005 at 05:21:10PM +0700, Tedi Heriyanto wrote:
Hi all,
I am currently learning about SELinux.
Do I just need to do the following to enable SELinux in SuSE 9.2 : - change the entry in kernel option in grub/lilo config to "selinux=1" - install libselinux
Thank you very much
Well that will enable very basic SELinux support. However all the rest of selinux, the policies etc are not there. So it does not make sense to enable it, it will not change anything. Ciao, Marcus
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Marcus Meissner wrote: | Well that will enable very basic SELinux support. However all the rest | of selinux, the policies etc are not there. | | So it does not make sense to enable it, it will not change anything. Then, what should I do to enable full support for SELinux ? Recompile and patch the kernel ? - -- Tedi Heriyanto URL : www.tedi-h.com GPG fingerprint = C02C 7797 0EF0 5D25 798A 0A25 1DD3 6924 57C7 5D78 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB+H4eHdNpJFfHXXgRAmYVAJ9xVHpSXEvigWJ6RS0KNrCwbx7q0wCcCP/V /PiYAwmVSfY3k1VlA50gZh4= =U2qQ -----END PGP SIGNATURE-----
On Thu, Jan 27, 2005 at 12:37:34PM +0700, Tedi Heriyanto wrote:
Marcus Meissner wrote:
| Well that will enable very basic SELinux support. However all the rest | of selinux, the policies etc are not there. | | So it does not make sense to enable it, it will not change anything. Then, what should I do to enable full support for SELinux ? Recompile and patch the kernel ?
selinux is not just kernel support but requires massive userland support, utilities, policies, patches to userland utilities and so on. SUSE has not yet supplied those patches/policy files/etc, so enabling it in the kernel will just bring kernel instability. Ciao, Marcus
participants (2)
-
Marcus Meissner
-
Tedi Heriyanto