SELinux in netbooted images
Paulo Santos
santosp at fedoraproject.org
Mon Jan 26 08:07:10 UTC 2009
Hi Daniel,
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
CentOS 5.2 Kernel
kernel-PAE-2.6.18-92.1.10.el5
Thanks,
Paulo
On Fri, Jan 23, 2009 at 8:38 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Paulo Santos wrote:
> > Hi all,
> >
> > I googled a bit about this, but didn't found anything so i decided to
> send
> > this email to get some information/help.
> >
> > I have several servers running on a netbooted image, which on its base,
> does
> > not contain any selinux related packages.
> > Currently I'm installing on the beginning of the boot process the
> following
> > package:
> >
> > Installing:
> > selinux-policy-targeted noarch 2.4.6-137.1.el5 updates
> 911
> > k
> > Installing for dependencies:
> > audit-libs-python x86_64 1.6.5-9.el5 base
> 75 k
> > diffutils x86_64 2.8.1-15.2.3.el5 base
> 211
> > k
> > libselinux-python x86_64 1.33.4-5.el5 base
> 59 k
> > libsemanage x86_64 1.9.1-3.el5 base
> 138 k
> > policycoreutils x86_64 1.33.12-14.el5 base
> 631 k
> > selinux-policy noarch 2.4.6-137.1.el5 updates
> 381 k
> >
> > In the end i still end up with SELinux disabled.
> >
> > My question is the following.
> > How do i enable SELinux already in runtime, after the boot process
> finished?
> > (or do i need to modify the base image, to contain the selinux packages)
> >
> >
> > I apologize if this information can be found somewhere else, and if this
> is
> > not the correct place to ask the question.
> >
> > Thanks,
> > Paulo
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> What does /etc/selinux/config say?
>
> Are you using a standard kernel?
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkl6HLwACgkQrlYvE4MpobMYlwCgymfEuPQT/VRMwTmMdIVPSDnH
> JJ8AoMzKzTJhE1GDcxAH9iJAWpFnZec/
> =s4IB
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090126/245d9d2e/attachment.htm>
More information about the fedora-selinux-list
mailing list