Sl

Материал из ALT Linux Wiki

Howto get working SeLinux AltLinux policy

Install policy

Install package selinux-policy-altlinux

Update Grub config

Update configuration GRUB's file: /etc/sysconfig/grub2:

GRUB_CMDLINE_LINUX_DEFAULT='panic=30 quiet splash security=selinux selinux=1'

It is also possible to add:

  • enforcing=1
  • log_buf_len=1M
grub-mkconfig  > /boot/grub/grub.cfg

PAM configuration

  • Add to /etc/pam.d/newrole before pam_namespace.so module
session        required pam_exec.so debug /etc/security/alt.newrole/helper /etc/security/alt.newrole/config
  • Add to /etc/pam.d/common-login:
# The first `session' module
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
# The last `session' module
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open verbose


ALT Linux aspects

newrole modifications

Add patch for policycoreutils-newrole has patch, that adds to Linux capabilities: CAP_SETGID & CAP_AUDIT_WRITE. For more info look up at: http://git.altlinux.org/gears/p/policycoreutils.git