SELinux

From ArchWiki
Revision as of 10:25, 12 October 2007 by Sergej (Talk | contribs) (New page: {{stub}} ==Installing== You should install at least selinux-kernel, selinux-pam, selinux-usr-policycoreutils-svn, selinux-refpolicy-src. ===Package description=== ====selinux-coreutils...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Tango-document-new.pngThis article is a stub.Tango-document-new.png

Notes: please use the first argument of the template to provide more detailed indications. (Discuss in Talk:SELinux#)

Installing

You should install at least selinux-kernel, selinux-pam, selinux-usr-policycoreutils-svn, selinux-refpolicy-src.

Package description

selinux-coreutils

Modified coreutils package compiled with selinux.

selinux-flex

Flex version needed only for build checkpolicy. Current flex have error causing failure in checkpolicy command.

selinux-kernel26

Selinux enabled kernel.

selinux-pam

pam package with pam_selinux.so.

selinux-refpolicy-src

Reference policy sources.

selinux-sysvinit

sysvinit which loads policy at startup. Be carefull! It fails if selinux policy can not be loaded!

selinux-usr-checkpolicy-svn

selinux-usr-libselinux-svn

selinux-usr-libsemanage-svn

selinux-usr-libsepol-svn

selinux-usr-policycoreutils-svn

SELinux core utils such as newrole, setfiles, etc...

Setting up

  • Edit /etc/fstab and add /selinux
    none                   /selinux      selinuxfs noauto              0      0
  • Mount it.
  • Compile (may be edit) refpolicy with make command in /etc/selinux/refpolicy/src/policy
  • Load policy with 'make load'
  • Relabel filesystem with 'make relabel'
  • Switch to enforced mode with 'echo 1 >/selinux/enforce'