The command sestatus is not found. The command apropos SELinux produces no result in Suse 11. Is SELinux enabled in Suse 11? Thanks. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2008-11-29 at 23:52 +0100, Dave Feustel wrote:
The command sestatus is not found. The command apropos SELinux produces no result in Suse 11. Is SELinux enabled in Suse 11?
Afaik, no; suse uses apparmour instead. You can do a text search for the word "SELinux" in the security list and find out more info. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkkxzVkACgkQtTMYHG2NR9WOVgCeMfG8wlQ6XRR9D3+16SDxVGET guIAn304sYZUtsp61gZblEAeB1+8DEsK =vjZY -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sun, Nov 30, 2008 at 12:16:37AM +0100, Carlos E. R. wrote:
On Saturday, 2008-11-29 at 23:52 +0100, Dave Feustel wrote:
The command sestatus is not found. The command apropos SELinux produces no result in Suse 11. Is SELinux enabled in Suse 11?
Afaik, no; suse uses apparmour instead.
Googling I found an article saying that SELinux will be part of SUSE 11.1, so I infer that SELinux is not included in SUSE 11.0.
You can do a text search for the word "SELinux" in the security list and find out more info. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday, 2008-11-30 at 00:37 +0100, Dave Feustel wrote:
Googling I found an article saying that SELinux will be part of SUSE 11.1, so I infer that SELinux is not included in SUSE 11.0.
You are right, there is something in 11.1. NOT_nimrodel:~ # apropos selinux pam_selinux (8) - PAM module to set the default security context pam_sepermit (8) - PAM module to allow/deny login depending on SELinux enforcement s... And there is a libselinux library. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkkx1gUACgkQtTMYHG2NR9Us6gCeLj9K4d3J7PK64tPoXLlFpdok Ap8An2ipfb5R1tjoTDTj99EAEJEL/BZz =A+z2 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 29 November 2008 05:16:37 pm Carlos E. R. wrote:
On Saturday, 2008-11-29 at 23:52 +0100, Dave Feustel wrote:
The command sestatus is not found. The command apropos SELinux produces no result in Suse 11. Is SELinux enabled in Suse 11?
Afaik, no; suse uses apparmour instead.
You can do a text search for the word "SELinux" in the security list and find out more info.
openSUSE 11.1 RC1 Compiled *********************************************** # grep "SELINUX" /boot/config-2.6.27.7-4-pae CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 CONFIG_SECURITY_SELINUX_DISABLE=y CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT=y # CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set Enable or disable *********************************************** selinux [SELINUX] Disable or enable SELinux at boot time. Format: { "0" | "1" } See security/selinux/Kconfig help text. 0 -- disable. 1 -- enable. Default value is set via kernel config option. If enabled at boot time, /selinux/disable can be used later to disable prior to initial policy load. selinux_compat_net = [SELINUX] Set initial selinux_compat_net flag value. Format: { "0" | "1" } 0 -- use new secmark-based packet controls 1 -- use legacy packet controls Default value is 0 (preferred). Value can be changed at runtime via /selinux/compat_net. Packages *********************************************** # zypper se selinux S | Name | Summary | Type --+------------------+-----------------------------------------------------+-------- | libselinux-devel | Development Include Files and Libraries for SELinux | package i | libselinux1 | SELinux library and simple utilities | package | python-selinux | SELinux library and simple utilities | package | ruby-selinux | SELinux library and simple utilities | package | selinux-doc | SELinux documentation | package | selinux-tools | SELinux library and simple utilities | package *********************************************** -- Regards, Rajko -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sat, Nov 29, 2008 at 11:52:36PM +0100, Dave Feustel wrote:
The command sestatus is not found. The command apropos SELinux produces no result in Suse 11. Is SELinux enabled in Suse 11?
Please use the correct name, "Suse 11" is not helpful. openSUSE 11.1 and SLE 11 contain "basic SELinux support". This means the kernel module can be used (is not enabled by default, AppArmor is default) and the various tools are built against libselinux. The kernel requires a specific kernel boot commandline option to enable it. No specific selinux tools nor policies are included itself, but these can be added by e.g. third parties. (The goal was to provide a base which does not require recompiling the base system for SElinux support.) Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Dave Feustel escribió:
The command sestatus is not found.
Right, there are no user space tools included
Is SELinux enabled in Suse 11?
Yes, but initially only for those that know how to create and/or install their own selinux policies and tools... -- "We have art in order not to die of the truth" - Friedrich Nietzsche Cristian Rodríguez R. Platform/OpenSUSE - Core Services SUSE LINUX Products GmbH Research & Development http://www.opensuse.org/
participants (5)
-
Carlos E. R. -
Cristian Rodríguez -
Dave Feustel -
Marcus Meissner -
Rajko M.