Sl

From ALT Linux Wiki

(Difference between revisions)
(New page: «write me Категория:Features Категория:Admin {{Category navigation|title=Features|category=Features|sortkey={{SUBPAGENAME}}}}»)
Line 1: Line 1:
-
write me
+
== Howto get working SeLinux AltLinux policy ==
 +
 
 +
=== Install policy ===
 +
 
 +
Install package selinux-policy-altlinux
 +
 
 +
=== Update Grub config ===
 +
Update configuration GRUB's file: /etc/sysconfig/grub2:
 +
 
 +
GRUB_CMDLINE_LINUX_DEFAULT='panic=30 quiet splash security=selinux selinux=1'
 +
 
 +
It is also possible to add:
 +
* enforcing=1
 +
* log_buf_len=1M
 +
 
 +
=== PAM configuration ===
 +
 
 +
* Add to /etc/pam.d/newrole _before_ `pam_namespace.so' module
 +
session        required pam_exec.so debug /etc/security/alt.newrole/helper /etc/security/alt.newrole/config
 +
 
 +
* Add to /etc/pam.d/common-login:
 +
 
 +
# The first `session' module
 +
# pam_selinux.so close should be the first session rule
 +
session    required    pam_selinux.so close
 +
 
 +
# The last `session' module
 +
# pam_selinux.so open should only be followed by sessions to be executed in the user context
 +
session    required    pam_selinux.so open verbose
 +
 
 +
 
 +
== ALT Linux aspects ==
 +
 
 +
 
 +
Add patch for policycoreutils-newrole has patch, that adds to Linux capabilities:  CAP_SETGID & CAP_AUDIT_WRITE.
 +
For more info look up at: http://git.altlinux.org/gears/p/policycoreutils.git
 +
 
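Review bot: in the PAM configuration section, the pam_exec.so line added to /etc/pam.d/newrole points at /etc/security/alt.newrole/helper and /etc/security/alt.newrole/config without saying which package provides these files or what the helper does; a sentence on that belongs next to the rule, since anything named there runs in newrole's session stack. The sentence under "ALT Linux aspects" ("Add patch for policycoreutils-newrole has patch, that adds to Linux capabilities") also needs rewording, and it should say why newrole needs CAP_SETGID and CAP_AUDIT_WRITE.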

Revision as of 09:55, 22 April 2013


How to get a working SELinux ALT Linux policy

Install policy

Install the selinux-policy-altlinux package.

Update GRUB config

Update the GRUB configuration file /etc/sysconfig/grub2:

GRUB_CMDLINE_LINUX_DEFAULT='panic=30 quiet splash security=selinux selinux=1'

The following kernel parameters can also be added:

  • enforcing=1
  • log_buf_len=1M

PAM configuration

  • Add to /etc/pam.d/newrole, _before_ the `pam_namespace.so' module:

session required pam_exec.so debug /etc/security/alt.newrole/helper /etc/security/alt.newrole/config

  • Add to /etc/pam.d/common-login:

# The first `session' module
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
# The last `session' module
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open verbose
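
A check for the GRUB and PAM steps above, as an added example that is not part of the wiki page or of any ALT Linux package. The function names are made up here, and the PAM checks assume plain control keywords such as `required` and do not follow include lines.

```shell
#!/bin/sh
# Added example (not from the wiki page). Function names are made up here.

# GRUB: the default kernel command line must carry both SELinux arguments.
check_grub() {
    args=$(sed -n "s/^[[:space:]]*GRUB_CMDLINE_LINUX_DEFAULT=//p" "$1" |
           tail -n 1 | tr "\"'" '  ')
    for want in security=selinux selinux=1; do
        case " $args " in *" $want "*) ;; *) return 1 ;; esac
    done
}

# newrole: the pam_exec.so helper line must exist and precede pam_namespace.so.
check_newrole() {
    awk '$1 ~ /^#/ { next }
         /pam_exec\.so/ && /alt\.newrole\/helper/ { if (!exec_at) exec_at = NR }
         /pam_namespace\.so/ { if (!ns_at) ns_at = NR }
         END { exit !(exec_at && (!ns_at || exec_at < ns_at)) }' "$1"
}

# common-login: first session rule is "pam_selinux.so close", last is
# "pam_selinux.so open". Assumes plain control keywords such as "required";
# rules pulled in through include lines are not followed.
check_common_login() {
    awk '$1 == "session" || $1 == "-session" {
             rule = $3 " " $4
             if (!seen++) first = rule
             last = rule
         }
         END { exit !(first == "pam_selinux.so close" &&
                      last == "pam_selinux.so open") }' "$1"
}

# Check the live files from the page only when called with --live.
if [ "${1:-}" = "--live" ]; then
    check_grub /etc/sysconfig/grub2 || echo "grub2: SELinux arguments missing"
    check_newrole /etc/pam.d/newrole || echo "newrole: helper missing or misplaced"
    check_common_login /etc/pam.d/common-login ||
        echo "common-login: pam_selinux.so close/open not first/last"
fi
```

Each function takes a file path, so the checks can be run on copies of the files before the originals are changed.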


ALT Linux aspects

policycoreutils-newrole has a patch that adds the Linux capabilities CAP_SETGID and CAP_AUDIT_WRITE. For more information, see: http://git.altlinux.org/gears/p/policycoreutils.git
