Re: No selinux whatsoever

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 18 Jan 2008, John Summerfield wrote:

> Gary Thomas wrote:
> > I'm trying to use anaconda+kickstart to load up a deeply
> > embedded platform.  This device will never need nor use
> > selinux, so I want to figure out how to keep it from
> > ever being installed, whatsoever.
>
> You're using the wrong Linux distro; selinux is built into the kernel.
> [root@numbat ~]# grep SELINUX /boot/config-2.6.18-8.1.15.el5 | head -1
> CONFIG_SECURITY_SELINUX=y
> [root@numbat ~]#

One thing is to get the support into kernel, and another one to have all
userspace binaries, libraries and so installed

> > How do I make this happen in the kickstart file?
> >
> > Note: this is such a resource limited platform that simply
> > installing the "selinux-policy-targetted" RPM takes around
> > 5 hours!  Hence my desire to never even try.
>

	What you need is a minimal installation, so two choices:

	"%packages --nobase --excludedocs" and then specify by hand what
you really need

	or

	install on a big brother system, then remove everything not needed
on your appliance and rsync fs to your device... install grub on storage
device and try if it works or not ;)

> If you want prebuilt binaries I suggest Debian. Note that Debian's
> moving to apparmour, but I don't know what its implications are.

	Well, apparmour has raised several complaints about the approach
to security, but in this case, the problem is about CPU muscle to install
in an embedded device, not about SELinux nor AppArmor


	Regards
	Pablo

_______________________________________________
Kickstart-list mailing list
Kickstart-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/kickstart-list

[Index of Archives]     [Red Hat General]     [CentOS Users]     [Fedora Users]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux