Re: SELinux in netbooted images

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Daniel,
 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#    enforcing - SELinux security policy is enforced.
#    permissive - SELinux prints warnings instead of enforcing.
#    disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#    targeted - Only targeted network daemons are protected.
#    strict - Full SELinux protection.
#    mls - Multi Level Security protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

CentOS 5.2 Kernel
kernel-PAE-2.6.18-92.1.10.el5
 
 
Thanks,
Paulo
 
On Fri, Jan 23, 2009 at 8:38 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paulo Santos wrote:
> Hi all,
>
> I googled a bit about this, but didn't found anything so i decided to send
> this email to get some information/help.
>
> I have several servers running on a netbooted image, which on its base, does
> not contain any selinux related packages.
> Currently I'm installing on the beginning of the boot process the following
> package:
>
> Installing:
>  selinux-policy-targeted  noarch     2.4.6-137.1.el5  updates           911
> k
> Installing for dependencies:
>  audit-libs-python       x86_64     1.6.5-9.el5      base               75 k
>  diffutils               x86_64     2.8.1-15.2.3.el5  base              211
> k
>  libselinux-python       x86_64     1.33.4-5.el5     base               59 k
>  libsemanage             x86_64     1.9.1-3.el5      base              138 k
>  policycoreutils         x86_64     1.33.12-14.el5   base              631 k
>  selinux-policy          noarch     2.4.6-137.1.el5  updates           381 k
>
> In the end i still end up with SELinux disabled.
>
> My question is the following.
> How do i enable SELinux already in runtime, after the boot process finished?
> (or do i need to modify the base image, to contain the selinux packages)
>
>
> I apologize if this information can be found somewhere else, and if this is
> not the correct place to ask the question.
>
> Thanks,
> Paulo
>
>
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
What does /etc/selinux/config say?

Are you using a standard kernel?


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkl6HLwACgkQrlYvE4MpobMYlwCgymfEuPQT/VRMwTmMdIVPSDnH
JJ8AoMzKzTJhE1GDcxAH9iJAWpFnZec/
=s4IB
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux