Results 1 to 4 of 4

Thread: OpenSuse 11.1 and SELinux

  1. #1

    Default OpenSuse 11.1 and SELinux

    Hi

    I want to try it out.
    I've found this page: SELinux - openSUSE.
    I've done everything it says, but nothing happened.

    "sestatus" gives me - disabled.

    Can anybody tell, can I enable selinux in Opensuse 11.1 at all, and if yes, what else do I have to do for it?

    Thanks

  2. #2
    Join Date
    Jan 2009
    Location
    Somewhere in Fictionland
    Posts
    1,479

    Default Re: OpenSuse 11.1 and SELinux

    If you want to know about the whole attitude here about SE linux then you might read this thread (and use the search engine in the forum).

    However, information about security and hands on help on security enhancements like full disk encryption are difficult to get here, and you are well served to "rtfm" and to search for dedicated discussion groups. If you are near to a LUG (linux user group) in your town, you should drop by to see, whether they can help you to make it run. Be aware that for a normal user without sound knowledge of your system and a lot of patience, the use of SE linux without a predefined policy (and Novel as far as I know for Opensuse does not deliver one) is very labor intensive.
    There is TOMOYO if you like these solutions, AppArmour is a bit out of race, no really mantained any more. TOMOYO is currently offered by another distribution if I well remember. Just search a bit.
    Just "clicking away" security warnings about a change in repo signature ? Not able to control?
    Then please vote for
    https://features.opensuse.org/312047
    openSUSE should have an efficient web of trust.

  3. #3

    Default Re: OpenSuse 11.1 and SELinux

    Thanks for suggestions.
    I will try something of them.

    But I know probably, why selinux doesn't work:
    this from .config:
    #
    # Security options
    #
    CONFIG_KEYS=y
    CONFIG_KEYS_DEBUG_PROC_KEYS=y
    CONFIG_SECURITY=y
    CONFIG_SECURITY_DEFAULT="apparmor"
    CONFIG_SECURITY_NETWORK=y
    # CONFIG_SECURITY_NETWORK_XFRM is not set
    CONFIG_SECURITY_FILE_CAPABILITIES=y
    CONFIG_SECURITY_SELINUX=y
    CONFIG_SECURITY_SELINUX_BOOTPARAM=y
    CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
    CONFIG_SECURITY_SELINUX_DISABLE=y
    CONFIG_SECURITY_SELINUX_DEVELOP=y
    CONFIG_SECURITY_SELINUX_AVC_STATS=y
    CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
    CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT=y
    # CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
    CONFIG_SECURITY_APPARMOR=y
    CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
    CONFIG_SECURITY_APPARMOR_DISABLE=y
    CONFIG_XOR_BLOCKS=m
    CONFIG_ASYNC_CORE=m
    CONFIG_ASYNC_MEMCPY=m
    CONFIG_ASYNC_XOR=m
    CONFIG_CRYPTO=y

    One need to recompile kernel.

  4. #4
    Join Date
    Jan 2009
    Location
    Somewhere in Fictionland
    Posts
    1,479

    Default Re: OpenSuse 11.1 and SELinux

    Yes this is correct. You need to recompile the kernel for SE.
    Just "clicking away" security warnings about a change in repo signature ? Not able to control?
    Then please vote for
    https://features.opensuse.org/312047
    openSUSE should have an efficient web of trust.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •