Best way to get started?
Russell Coker
russell at coker.com.au
Sun Mar 7 04:05:27 UTC 2004
On Sun, 7 Mar 2004 10:00, Josh Boyer <jwboyer at charter.net> wrote:
> On Saturday 06 March 2004 03:59 pm, James Morris wrote:
> > cd /etc/security/selinux/src/policy
> > make
> > make relabel
> >
> > Then reboot. That was a little while back, so the full yum upgrade might
> > be a good idea too.
>
> what does the reboot do that 'make load' doesn't? so far when tinkering
> around with some .te files, i have always just done a 'make load' and
> restarted the app and the changes take effect.
For such things I generally boot with "init=/bin/bash", mount the file
systems, /proc, /selinux, then do "make load ; make relabel" and then
"exec init".
For machines where I don't have console access (EG logging in by ssh) I just
run "make load ; make relabel", then restart all processes to get the right
context, starting with "telinit u" to restart init, "killall -9 mingetty",
using "runcon root:sysadm_r:sysadm_t /bin/bash" to get a shell in the right
context for restarting daemons, and then restarting sshd etc. This method
works well once you've had some practise, I've even upgraded machines to SE
Linux without being on the same continent.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-selinux-list
mailing list