SELinux in netbooted images

Paulo Santos santosp at fedoraproject.org
Mon Jan 26 08:07:10 UTC 2009 

Hi Daniel,

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#    enforcing - SELinux security policy is enforced.
#    permissive - SELinux prints warnings instead of enforcing.
#    disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#    targeted - Only targeted network daemons are protected.
#    strict - Full SELinux protection.
#    mls - Multi Level Security protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

CentOS 5.2 Kernel
kernel-PAE-2.6.18-92.1.10.el5


Thanks,
Paulo

On Fri, Jan 23, 2009 at 8:38 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Paulo Santos wrote:
> > Hi all,
> >
> > I googled a bit about this, but didn't found anything so i decided to
> send
> > this email to get some information/help.
> >
> > I have several servers running on a netbooted image, which on its base,
> does
> > not contain any selinux related packages.
> > Currently I'm installing on the beginning of the boot process the
> following
> > package:
> >
> > Installing:
> >  selinux-policy-targeted  noarch     2.4.6-137.1.el5  updates
> 911
> > k
> > Installing for dependencies:
> >  audit-libs-python       x86_64     1.6.5-9.el5      base
> 75 k
> >  diffutils               x86_64     2.8.1-15.2.3.el5  base
>  211
> > k
> >  libselinux-python       x86_64     1.33.4-5.el5     base
> 59 k
> >  libsemanage             x86_64     1.9.1-3.el5      base
>  138 k
> >  policycoreutils         x86_64     1.33.12-14.el5   base
>  631 k
> >  selinux-policy          noarch     2.4.6-137.1.el5  updates
> 381 k
> >
> > In the end i still end up with SELinux disabled.
> >
> > My question is the following.
> > How do i enable SELinux already in runtime, after the boot process
> finished?
> > (or do i need to modify the base image, to contain the selinux packages)
> >
> >
> > I apologize if this information can be found somewhere else, and if this
> is
> > not the correct place to ask the question.
> >
> > Thanks,
> > Paulo
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> What does /etc/selinux/config say?
>
> Are you using a standard kernel?
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkl6HLwACgkQrlYvE4MpobMYlwCgymfEuPQT/VRMwTmMdIVPSDnH
> JJ8AoMzKzTJhE1GDcxAH9iJAWpFnZec/
> =s4IB
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090126/245d9d2e/attachment.htm>

More information about the fedora-selinux-list mailing list