Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:12.3
selinux-policy
Alan_Rouse-openSUSE_with_SELinux.txt
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File Alan_Rouse-openSUSE_with_SELinux.txt of Package selinux-policy
openSUSE with SELinux ~~~~~~~~~~~~~~~~~~~~~ The following procedure describes a way to create a system from openSUSE 11.3 installation media, with SELinux enabled and enforcing, and to produce the necessary RPMs for creating other instances. Be careful not to skip steps. Ignore error message "libsemanage.dbase query: could not query record value ..." in several steps below. 1. Install a default openSUSE 11.3 system (with KDE) 2. Kickoff Launcher -> Computer -> Install/Remove Software * Search tab; enter "selinux" (select Name, Keywords, Summary checkboxes) and click Search button * Right mouse -> All in this List -> Install * Click Accept button * Accept the automatic changes (click Continue) 3. Install utilities required for this procedure * Open terminal * Login as root (su) * zypper install make m4 gcc patch git * usermod -s /sbin/nologin nobody 4. Build selinux policy from source * Get and install selinux-policy-05042010-1.src.rpm * cd /usr/src/packages/SPECS/ * rpmbuild -ba selinux-policy.spec * cd /usr/src/packages/RPMS/noarch * rpm -i selinux-policy-05042010-1.noarch.rpm * rpm -i selinux-policy-targeted-05042010-1.noarch.rpm -- OR, if you already have the two rpms built, just install them and skip the above steps 5. Edit /etc/selinux/config * set SELINUX=permissive * set SELINUXTYPE=targeted 6. Turn on SELinux in permissive mode from the grub boot line * vi /boot/grub/menu.lst * insert "3" for runlevel 3 after the kernel parameter, and at the end "security=selinux selinux=1 enforcing=0" * reboot and login to runlevel 3 7. Perform configurations required for selinux * semanage login -a -s sysadm_u root * semanage login -a -s user_u <unprivileged-user> * fixfiles -F relabel ... does not matter whether or not you ask it to clear out files from /tmp * vi /etc/init.d/boot * insert "restorecon -R /dev" as line 132 * pam-config -d --debug --apparmor * pam-config -a --debug --selinux * Now must fix su since pam-config incorrectly adds pam-selinux.so to su * cd /etc/pam.d/ * cp common-session common-session-su * vi common-session-su - and delete the two lines containing 'pam-selinux' * vi su - and change 'common-session' to 'common-session-su' * edit /boot/grub/menu.lst - remove the "3" so it will boot to desktop * rm /var/log/messages; rm /var/log/audit/audit.log 8. Reboot
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor