Sl
Материал из ALT Linux Wiki
(Различия между версиями)
Stanv (обсуждение | вклад) |
Stanv (обсуждение | вклад) |
||
Строка 13: | Строка 13: | ||
* enforcing=1 | * enforcing=1 | ||
* log_buf_len=1M | * log_buf_len=1M | ||
+ | |||
+ | grub-mkconfig > /boot/grub/grub.cfg | ||
=== PAM configuration === | === PAM configuration === | ||
- | * Add to /etc/pam.d/newrole | + | * Add to /etc/pam.d/newrole before pam_namespace.so module |
- | session required pam_exec.so debug /etc/security/alt.newrole/helper /etc/security/alt.newrole/config | + | session required pam_exec.so debug /etc/security/alt.newrole/helper /etc/security/alt.newrole/config |
* Add to /etc/pam.d/common-login: | * Add to /etc/pam.d/common-login: |
Версия 10:00, 22 апреля 2013
Содержание |
Howto get working SeLinux AltLinux policy
Install policy
Install package selinux-policy-altlinux
Update Grub config
Update configuration GRUB's file: /etc/sysconfig/grub2:
GRUB_CMDLINE_LINUX_DEFAULT='panic=30 quiet splash security=selinux selinux=1'
It is also possible to add:
- enforcing=1
- log_buf_len=1M
grub-mkconfig > /boot/grub/grub.cfg
PAM configuration
- Add to /etc/pam.d/newrole before pam_namespace.so module
session required pam_exec.so debug /etc/security/alt.newrole/helper /etc/security/alt.newrole/config
- Add to /etc/pam.d/common-login:
# The first `session' module # pam_selinux.so close should be the first session rule session required pam_selinux.so close
# The last `session' module # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open verbose
ALT Linux aspects
newrole modifications
Add patch for policycoreutils-newrole has patch, that adds to Linux capabilities: CAP_SETGID & CAP_AUDIT_WRITE. For more info look up at: http://git.altlinux.org/gears/p/policycoreutils.git