Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing List
subject: An SELinux policy for Red Hat 9 Date: Thu, 8 Jul 2004 21:17:43 +0100
TIA! Brad Chapman -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Russell Coker <russell_at_coker.com.au> subject: Re: An SELinux policy for Red Hat 9 Date: Fri, 9 Jul 2004 21:11:55 +1000
Why would you want to do that? Consider Fedora Core 1 as RHL 10, and FC2 as RHL 11 an just upgrade a couple of versions to get SE Linux support. But if you REALLY want to use RHL 9, the current policy should work OK, you just have to make the appropriate changes to pam, logrotate, cron, coreutils, etc. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Bradley Chapman <kakadu_at_gmail.com> subject: Re: An SELinux policy for Red Hat 9 Date: Fri, 9 Jul 2004 12:43:38 +0100
On Fri, 9 Jul 2004 21:11:55 +1000, Russell Coker <russell@coker.com.au> wrote:
I would do that - except for the fact that the system I want to run SELinux on is my personal system, and upgrading it is currently not something I wish to do. I may want to upgrade to FC2 later, but right now I want to stick with RHL9.
> What sort of changes? Path changes? Thanks, Brad -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Stephen Smalley <sds_at_epoch.ncsc.mil> subject: Re: An SELinux policy for Red Hat 9 Date: Fri, 09 Jul 2004 08:14:13 -0400
I think Russell is referring to the userland patches for those packages. The current patches and SRPMS in our userland tree are drawn from the Fedora Core development tree, so you are likely to run into dependency problems building them on RH9. And Fedora Core actually includes _many_ other patched userland packages for SELinux; we only maintain a core subset in our tree for reference purposes for people who want to port to other distributions. A few examples of patched userland packages in Fedora Core that are not in our tree include gdm, usermode, atd, and libuser, and there are many others. There is also the issue of glibc security awareness; the RH9 glibc won't enable secure mode upon domain transitions, unlike the Fedora Core glibc. If you truly are limited to using RH9, then you should likely grab an older release of SELinux that was based on RH9. But life will be simpler if you can move to FC2. -- Stephen Smalley <sds@epoch.ncsc.mil> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Bradley Chapman <kakadu_at_gmail.com> subject: Re: An SELinux policy for Red Hat 9 Date: Fri, 9 Jul 2004 15:52:00 +0100
On Fri, 09 Jul 2004 08:14:13 -0400, Stephen Smalley <sds@epoch.ncsc.mil> wrote:
Oh. I thought the patches mentioned were confined mostly to core system utilities; I had no idea that FC2's modifications for SELlinux were quite that extensive!
>
Well, in light of your recommendations, I will certainly consider such
a move now.
> Brad -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Stephen Smalley <sds_at_epoch.ncsc.mil> subject: Re: An SELinux policy for Red Hat 9 Date: Fri, 09 Jul 2004 12:22:18 -0400
No more difficult than usual; you just install the policy-sources RPM and then customize and rebuild as desired. You also likely want setools and setools-gui. However, in general, you may want to do some selective updating of SELinux-related packages from the Fedora development tree after installing FC2 in order to pick up the latest policy, which has been reorganized and partitioned to support multiple policies. This also requires pulling in the SysVinit, libselinux, and policycoreutils from the development tree. -- Stephen Smalley <sds@epoch.ncsc.mil> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Valdis.Kletnieks_at_vt.edu subject: Re: An SELinux policy for Red Hat 9 Date: Fri, 09 Jul 2004 13:30:21 -0400
> If I do decide to move to FC2, how difficult will it then become to This will of course depend on how divergent your needs are from either the 'targeted' or 'strict' policies already in the tree. The biggest issue is whether you have a custom application that needs policy written (and there's tools to assist in that).
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.
|
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |