Sl: различия между версиями

Версия от 09:56, 22 апреля 2013

Howto get working SeLinux AltLinux policy

Install policy

Install package selinux-policy-altlinux

Update Grub config

Update configuration GRUB's file: /etc/sysconfig/grub2:

GRUB_CMDLINE_LINUX_DEFAULT='panic=30 quiet splash security=selinux selinux=1'

It is also possible to add:

enforcing=1
log_buf_len=1M

PAM configuration

Add to /etc/pam.d/newrole _before_ `pam_namespace.so' module

session required pam_exec.so debug /etc/security/alt.newrole/helper /etc/security/alt.newrole/config

Add to /etc/pam.d/common-login:

# The first `session' module
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close

# The last `session' module
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open verbose

ALT Linux aspects

newrole modifications

Add patch for policycoreutils-newrole has patch, that adds to Linux capabilities: CAP_SETGID & CAP_AUDIT_WRITE. For more info look up at: http://git.altlinux.org/gears/p/policycoreutils.git

Features

Features • Features/Core • Features/D Programming • Features/ChrootedServices • Features/OwKernel • Features/PermitRootLoginNo • Sl • Slapp • Slpsql • Sltodo • Slx • Воспроизводимая сборка • Преимущества ALT Linux перед Mandriva

@@ Строка 32: / Строка 32: @@
 == ALT Linux aspects ==
+=== newrole modifications ===
-Add patch for policycoreutils-newrole has patch, that adds to Linux capabilities:  CAP_SETGID & CAP_AUDIT_WRITE.
+Add patch for policycoreutils-newrole has patch, that adds to Linux capabilities: CAP_SETGID & CAP_AUDIT_WRITE.
 For more info look up at: http://git.altlinux.org/gears/p/policycoreutils.git