[redhat-lspp] mls kickstart install for FC5

Russell Coker rcoker at redhat.com
Fri Apr 14 12:57:32 UTC 2006


Some people asked for advice on an automated MLS install.  I've set up a
quick hack install of MLS:

Add the following to %packages:
selinux-policy-mls


Have an NFS server with the attached files as well as
libsemanage-1.6.2-1.i386.rpm  policycoreutils-1.30.4-4.i386.rpm
libsepol-1.12.5-1.i386.rpm (or make other appropriate arrangements for
the kickstart process to get them).  These files are needed because a
patched version of policycoreutils is needed for prefix support.  I
could have built an rpm, but this method isn't going to be any more
painful for you.

Add the following to %post:
mount server:/export /mnt
rpm -U /mnt/*rpm
cp /mnt/semanage /usr/sbin
cp /mnt/seobject.py /usr/lib/python2.4/site-packages/seobject.py
umount /mnt
lokkit -q -n --selinuxtype=mls
setenforce 0
load_policy 2>&1 | grep -v no.longer.in.policy
# password is "123456", change to taste
useradd secadm -p \$1\$FDvduUtz\$Qq0YieHzBoeBHvPj0y55b/
sed -e s/:500:500:/:0:0:/ < /etc/passwd > /etc/passwd.new
mv /etc/passwd.new /etc/passwd
semanage user -a -L SystemHigh -r SystemHigh -R secadm_r -P secadm \
secadm
semanage login -a -s secadm -r SystemHigh secadm
/sbin/fixfiles restore


Of course what we really want is anaconda support for loading a policy
of your choice before installing any files; among other things, such
anaconda support would avoid wasting time with "fixfiles restore".  But
I don't expect that to happen for a while, so I guess I'll have to make
a hacked-up install CD to do it.


PS  Watch virtual console 3 during the postinst.  This method is rather
fragile and any failure will break later things.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: semanage
Type: text/x-python
Size: 7798 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20060414/8b61a5f3/attachment.py>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: seobject.py
Type: text/x-python
Size: 38959 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20060414/8b61a5f3/attachment-0001.py>
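
Added example, not part of the original mail or its attachments: the PS warns that any failure in %post breaks the later steps, so these POSIX sh helpers stop at the first failed step, log the outcome, and verify the result of the /etc/passwd edit. The names POST_LOG, run_step, uid0_accounts and check_secadm and the log path are assumptions made for this example.

```shell
#!/bin/sh
# Added example: fail-fast helpers for the %post steps in the mail above.
# POST_LOG, run_step, uid0_accounts and check_secadm are assumed names.
POST_LOG="${POST_LOG:-/root/ks-post-mls.log}"   # assumed log location
FAILED_STEP=""

# run_step DESCRIPTION COMMAND [ARGS...]
# Runs COMMAND unless an earlier step failed, and logs OK / FAIL / SKIP.
run_step() {
    desc="$1"; shift
    if [ -n "$FAILED_STEP" ]; then
        echo "SKIP  $desc (earlier failure: $FAILED_STEP)" >> "$POST_LOG"
        return 1
    fi
    if "$@" >> "$POST_LOG" 2>&1; then
        echo "OK    $desc" >> "$POST_LOG"
    else
        rc=$?
        FAILED_STEP="$desc"
        echo "FAIL  $desc (exit $rc)" >> "$POST_LOG"
        return "$rc"
    fi
}

# uid0_accounts PASSWD_FILE
# Prints the names of all accounts with UID 0, sorted, separated by spaces.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1" | sort | paste -s -d ' ' -
}

# check_secadm PASSWD_FILE
# Succeeds only when the UID 0 accounts are exactly root and secadm.
# The sed edit in the mail rewrites whichever line holds :500:500:, so this
# catches the case where a different account had UID 500.
check_secadm() {
    [ "$(uid0_accounts "$1")" = "root secadm" ]
}

# Usage inside %post, with commands taken from the mail:
#   run_step "switch to MLS"  lokkit -q -n --selinuxtype=mls
#   run_step "relabel"        /sbin/fixfiles restore
#   run_step "uid 0 check"    check_secadm /etc/passwd
```

Pipelines such as the load_policy line need to be wrapped in a function before being passed to run_step, since it takes a single command and its arguments.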

