Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing List[RFC] Kernel .config options for building LTP SECURITY TESTS
From: Subrata Modak <subrata_at_linux.vnet.ibm.com>
Date: Tue, 04 Nov 2008 17:16:05 +0530
Are there any more .config options required to be set/unset for compiling 2.6.27 with all LSM enabled, apart from below: CONFIG_SECURITY=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_FILE_CAPABILITIES=y CONFIG_SECURITY_ROOTPLUG=y CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0 CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT=y CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX=y CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE=19 CONFIG_SECURITY_SMACK=y I would like to run the filecaps and selinux tests in LTP and may be any SMACK tests in future. Will it create a problem if kernel is built with both below options set:
CONFIG_SECURITY_SMACK=y
A great help would be in the form of a patch in updating: http://ltp.cvs.sourceforge.net/viewvc/ltp/ltp/testcases/kernel/security/selinux-testsuite/README in terms of exact SELinux policy(s) and userspace tool(s) to be installed (from where to get and where to put) to build and run the SELinux testsuite, supposing that a new kernel is built and no SELinux policies/uerspace tools existed there before.
Regards--
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Tue 4 Nov 2008 - 06:46:15 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |