Hi
I want to try it out.
I’ve found this page: SELinux - openSUSE.
I’ve done everything it says, but nothing happened.
“sestatus” gives me - disabled.
Can anybody tell, can I enable selinux in Opensuse 11.1 at all, and if yes, what else do I have to do for it?
Thanks
If you want to know about the whole attitude here about SE linux then you might read this thread (and use the search engine in the forum).
However, information about security and hands on help on security enhancements like full disk encryption are difficult to get here, and you are well served to “rtfm” and to search for dedicated discussion groups. If you are near to a LUG (linux user group) in your town, you should drop by to see, whether they can help you to make it run. Be aware that for a normal user without sound knowledge of your system and a lot of patience, the use of SE linux without a predefined policy (and Novel as far as I know for Opensuse does not deliver one) is very labor intensive.
There is TOMOYO if you like these solutions, AppArmour is a bit out of race, no really mantained any more. TOMOYO is currently offered by another distribution if I well remember. Just search a bit.
Thanks for suggestions.
I will try something of them.
But I know probably, why selinux doesn’t work:
this from .config:
CONFIG_KEYS=y
CONFIG_KEYS_DEBUG_PROC_KEYS=y
CONFIG_SECURITY=y
CONFIG_SECURITY_DEFAULT=“apparmor”
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_FILE_CAPABILITIES=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT=y
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_SECURITY_APPARMOR_DISABLE=y
CONFIG_XOR_BLOCKS=m
CONFIG_ASYNC_CORE=m
CONFIG_ASYNC_MEMCPY=m
CONFIG_ASYNC_XOR=m
CONFIG_CRYPTO=y
One need to recompile kernel.
Yes this is correct. You need to recompile the kernel for SE.