Enabling SELinux on a custom kernel
Jan Kasprzak
kas at fi.muni.cz
Wed Jul 9 14:05:37 UTC 2008
Serge E. Hallyn wrote:
: Quoting Stephen Smalley (sds at tycho.nsa.gov):
: > Your options would seem to be:
: > - use an initrd (easiest),
: > - re-patch your /sbin/init program,
: > - try to do it from inittab or rc.sysinit (but the problem there is that
: > it doesn't get /sbin/init itself into the right domain).
:
: Aaaah. I was wondering why my new f9-based kvm image wasn't enabling
: selinux when I started it with "-kernel bzImage". That's going to be
: a bit of a pain, as I assume I'll have to import the kernel tree into
: the f9 image in order to create an initrd.
Mkinitrd does not need the kernel tree, just the modules installed
in /lib/modules/`uname -r`, some libraries from /lib{,64}, and some
configuration files (mdadm.conf, fstab, ld.so.conf). I had to iterate
over

    mkinitrd /boot/initrd-2.6.25.10 2.6.25.10

adding --builtin=... options until it succeeded, and the resulting initrd
worked (at least it did load the SELinux policy).
-Yenya
--
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839 Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/ Journal: http://www.fi.muni.cz/~kas/blog/ |
>> If you find yourself arguing with Alan Cox, you’re _probably_ wrong. <<
>> --James Morris in "How and Why You Should Become a Kernel Hacker" <<
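
A check for the two outcomes discussed in this thread, whether the policy was loaded at all and whether /sbin/init ended up in the right domain; this is an added example, not part of the original post. The function names, the ROOT argument and the state labels are hypothetical, and it assumes that the kernel reports the bare name "kernel" before any policy is loaded and that a PID 1 which was never re-executed after the policy load stays in kernel_t.

```shell
#!/bin/sh
# Added example (not from the original post): classify the SELinux state of PID 1.
# ROOT is a hypothetical prefix argument; empty means the live system, any other
# value lets the check run against a constructed fixture tree.

# Prints one of: disabled | no-policy | init-untransitioned | ok:<type>
selinux_init_state() {
    root=${1:-}
    attr="$root/proc/1/attr/current"
    [ -r "$attr" ] || { echo disabled; return 0; }
    # The kernel may end the value with a NUL byte; strip it and any newline.
    # With SELinux off the read itself fails, which leaves ctx empty.
    ctx=$(tr -d '\000\n' < "$attr" 2>/dev/null) || ctx=
    [ -n "$ctx" ] || { echo disabled; return 0; }
    case $ctx in
        *:*:*) ;;                        # full user:role:type[:level] context
        *) echo no-policy; return 0 ;;   # bare initial-SID name such as "kernel"
    esac
    dom=$(printf '%s' "$ctx" | cut -d: -f3)
    if [ "$dom" = kernel_t ]; then
        # Policy is loaded, but init never left the kernel's initial context:
        # the inittab/rc.sysinit case from the quoted list of options.
        echo init-untransitioned
    else
        echo "ok:$dom"
    fi
}

# Enforcing flag from selinuxfs (/selinux on 2.6.25-era systems,
# /sys/fs/selinux on later ones); prints "unknown" when neither is mounted.
selinux_enforce_flag() {
    root=${1:-}
    for d in "$root/selinux" "$root/sys/fs/selinux"; do
        if [ -r "$d/enforce" ]; then
            tr -d '\n' < "$d/enforce"
            echo
            return 0
        fi
    done
    echo unknown
}
```

On the booted image, calling selinux_init_state with no argument reads the live /proc; a result other than ok:init_t on a Fedora system means the initrd did not do its job.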