problems compiling bitkeeper kernels for selinux
Stephen Smalley
sds at epoch.ncsc.mil
Mon Apr 19 12:41:57 UTC 2004
On Sun, 2004-04-18 at 09:31, Thomas Molina wrote:
> My first attempt at using a "stock" kernel has failed miserably and I am
> hoping someone can tell me what I am doing wrong. I synced up my tree to
> be the latest and greatest kernel and recompiled. Loading the resulting
> kernel works fine with selinux=0, but fails miserably with selinux
> enabled, even in permissive mode.
The boot messages indicate that you didn't enable the security xattr
handlers for ext3, so there is no filesystem support for security
labels. From the selinux-doc README:
Under Filesystems, be sure to enable the Ext[23] extended attributes and
Ext[23] Security Labels options (CONFIG_EXT[23]_FS_XATTR,
CONFIG_EXT[23]_FS_SECURITY).
Under Pseudo Filesystems, be sure to enable the /dev/pts
Extended Attributes and /dev/pts Security Labels options
(CONFIG_DEVPTS_FS_XATTR, CONFIG_DEVPTS_FS_SECURITY).
Under Security, be sure to enable all of the following options:
Enable different security models (CONFIG_SECURITY)
Socket and Networking Security Hooks (CONFIG_SECURITY_NETWORK)
Capabilities Support (CONFIG_SECURITY_CAPABILITIES)
NSA SELinux Support (CONFIG_SECURITY_SELINUX)
NSA SELinux Development Support (CONFIG_SECURITY_SELINUX_DEVELOP)
NSA SELinux boot parameter (CONFIG_SECURITY_SELINUX_BOOTPARAM)
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-test-list
mailing list