No selinux whatsoever

Pablo Iranzo Gómez Pablo.Iranzo at redhat.com
Fri Jan 18 00:59:02 UTC 2008


On Fri, 18 Jan 2008, John Summerfield wrote:

> Gary Thomas wrote:
> > I'm trying to use anaconda+kickstart to load up a deeply
> > embedded platform.  This device will never need nor use
> > selinux, so I want to figure out how to keep it from
> > ever being installed, whatsoever.
>
> You're using the wrong Linux distro; selinux is built into the kernel.
> [root at numbat ~]# grep SELINUX /boot/config-2.6.18-8.1.15.el5 | head -1
> CONFIG_SECURITY_SELINUX=y
> [root at numbat ~]#

It is one thing to have the support in the kernel, and another to have all
the userspace binaries, libraries and so on installed.

> > How do I make this happen in the kickstart file?
> >
> > Note: this is such a resource limited platform that simply
> > installing the "selinux-policy-targetted" RPM takes around
> > 5 hours!  Hence my desire to never even try.
>

	What you need is a minimal installation, so two choices:

	"%packages --nobase --excludedocs" and then specify by hand what
you really need

	or

	install on a big brother system, then remove everything not needed
on your appliance and rsync the fs to your device... install grub on the
storage device and see if it works or not ;)

> If you want prebuilt binaries I suggest Debian. Note that Debian's
> moving to AppArmor, but I don't know what its implications are.

	Well, AppArmor has raised several complaints about the approach
to security, but in this case, the problem is about CPU muscle to install
on an embedded device, not about SELinux nor AppArmor.


	Regards
	Pablo
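
A sketch of the first option from the reply above, added here as an example and not part of the original message. It assumes a RHEL/CentOS 5-era anaconda; the package list, the exclusion line and the `%post` check are illustrative assumptions, and the policy package is written with its usual spelling, `selinux-policy-targeted`.

```kickstart
# Added example: a fragment, not a complete kickstart file.
# Assumes an anaconda version whose %packages accepts --nobase.

# Leave SELinux switched off on the installed system. The kernel is
# still built with CONFIG_SECURITY_SELINUX=y; this only sets the
# runtime configuration.
selinux --disabled

%packages --nobase --excludedocs
# Hand-picked package set (assumption: replace with what the
# appliance really needs).
kernel
grub
e2fsprogs
openssh-server
# Ask anaconda to leave the policy package out. Dependency resolution
# can still pull a package back in if something listed above requires it.
-selinux-policy-targeted

%post
# Record which SELinux-related packages ended up installed anyway, so
# the result can be reviewed after the first test install. Libraries
# such as libselinux are expected to remain when core packages are
# linked against them.
rpm -qa | grep -i selinux > /root/selinux-packages.txt
```

Running the install once on a faster machine and reading `/root/selinux-packages.txt` shows whether the exclusion held before the slow device is committed to it.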



