Sl: различия между версиями

Версия от 09:55, 22 апреля 2013

Howto get working SeLinux AltLinux policy

Install policy

Install package selinux-policy-altlinux

Update Grub config

Update configuration GRUB's file: /etc/sysconfig/grub2:

GRUB_CMDLINE_LINUX_DEFAULT='panic=30 quiet splash security=selinux selinux=1'

It is also possible to add:

enforcing=1
log_buf_len=1M

PAM configuration

Add to /etc/pam.d/newrole _before_ `pam_namespace.so' module

session required pam_exec.so debug /etc/security/alt.newrole/helper /etc/security/alt.newrole/config

Add to /etc/pam.d/common-login:

# The first `session' module
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close

# The last `session' module
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open verbose

ALT Linux aspects

Add patch for policycoreutils-newrole has patch, that adds to Linux capabilities: CAP_SETGID & CAP_AUDIT_WRITE. For more info look up at: http://git.altlinux.org/gears/p/policycoreutils.git

Features

Features • Features/Core • Features/D Programming • Features/ChrootedServices • Features/OwKernel • Features/PermitRootLoginNo • Sl • Slapp • Slpsql • Sltodo • Slx • Воспроизводимая сборка • Преимущества ALT Linux перед Mandriva

@@ Строка 1: / Строка 1: @@
-write me
+== Howto get working SeLinux AltLinux policy ==
+=== Install policy ===
+Install package selinux-policy-altlinux
+=== Update Grub config ===
+Update configuration GRUB's file: /etc/sysconfig/grub2:
+GRUB_CMDLINE_LINUX_DEFAULT='panic=30 quiet splash security=selinux selinux=1'
+It is also possible to add:
+* enforcing=1
+* log_buf_len=1M
+=== PAM configuration ===
+* Add to /etc/pam.d/newrole _before_ `pam_namespace.so' module
+session        required pam_exec.so debug /etc/security/alt.newrole/helper /etc/security/alt.newrole/config
+* Add to /etc/pam.d/common-login:
+ # The first `session' module
+ # pam_selinux.so close should be the first session rule
+ session    required     pam_selinux.so close
+ # The last `session' module
+ # pam_selinux.so open should only be followed by sessions to be executed in the user context
+ session    required     pam_selinux.so open verbose
+== ALT Linux aspects ==
+Add patch for policycoreutils-newrole has patch, that adds to Linux capabilities:  CAP_SETGID & CAP_AUDIT_WRITE.
+For more info look up at: http://git.altlinux.org/gears/p/policycoreutils.git