On Mon, Feb 16, 2009 at 2:35 PM, Russell Coker <russell@xxxxxxxxxxxx> wrote: > On Tue, 17 Feb 2009, Justin Mattock <justinmattock@xxxxxxxxx> wrote: >> The issue I have is using dpkg/or apt-get already has the right >> patch applied and init already compiled in, in accordance to the distro. > > If you take the original source plus the Debian patch and use it in place of > the original source for your LFS build then it should be fine. > I took the original source from the debian sid site + 40_selinux.patch and saw no signs of loading a policy. heres the location of the patch: http://patch-tracking.debian.net/package/sysvinit/2.86.ds1-61 maybe I should add some more patches besides 40_selinux. >> doing a (LFS) tutorial, under the documentation >> has me building everything from the source. >> (a lot of work, but worth the learning experience); > > It's also a learning experience to contribute to the integration of SE Linux > in a major distribution such as Debian, Gentoo, or Fedora. I think that in > the long run there would be more benefits to both you personally and the > community if you were to contribute to one of these projects. I suggest that > you choose Debian, but I admit to being biased in this regard. ;) > Well I did a debootstrap installation a few days ago, but then said to myself how do I do all the stuff that debootstrap does. then one thing led to the next, weeks later and here I am. as a side note: one of the main goals right (as a test) is to see what happens to the system when one atomically sync's all the libs/apps to the processor using CFLAGS etc..(curious to see the performance as well as any kind of bug fixes); >> In any case, I suppose I can just copy /sbin/init from an existing >> debian system but, then I might have issues with the >> arch being different. > > No, that should work. > to my amazement it did work (I compile sysv normally on the new system then just copied init from a running debian to the new system). on the other hand I'm seeing other issues at the moment besides init: I dont have any file labels i.g. ls -Z shows:(/bin as an example) drwxr-xr-x 2 root root ? 4096 Feb 16 22:38 bin that question mark is on all files. if I do a id -Z id: --context (-Z) works only on a SELinux-enabled kernel (keep in mind I still have to configure my /etc/ group/passwd files, so this might have something to do with it); > -- > russell@xxxxxxxxxxxx > http://etbe.coker.com.au/ My Main Blog > http://doc.coker.com.au/ My Documents Blog > Overall SELinux does load and there are avc being generated. I think I just need to start from the beginning and make sure things are proper. -- Justin P. Mattock -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
