Sl
From ALT Linux Wiki
(Difference between revisions)
Stanv (talk | contribs) (New page: «write me Категория:Features Категория:Admin {{Category navigation|title=Features|category=Features|sortkey={{SUBPAGENAME}}}}») |
Stanv (talk | contribs) |
Line 1: | Line 1: | ||
- | + | == Howto get working SeLinux AltLinux policy == | |
+ | |||
+ | === Install policy === | ||
+ | |||
+ | Install package selinux-policy-altlinux | ||
+ | |||
+ | === Update Grub config === | ||
+ | Update configuration GRUB's file: /etc/sysconfig/grub2: | ||
+ | |||
+ | GRUB_CMDLINE_LINUX_DEFAULT='panic=30 quiet splash security=selinux selinux=1' | ||
+ | |||
+ | It is also possible to add: | ||
+ | * enforcing=1 | ||
+ | * log_buf_len=1M | ||
+ | |||
+ | === PAM configuration === | ||
+ | |||
+ | * Add to /etc/pam.d/newrole _before_ `pam_namespace.so' module | ||
+ | session required pam_exec.so debug /etc/security/alt.newrole/helper /etc/security/alt.newrole/config | ||
+ | |||
+ | * Add to /etc/pam.d/common-login: | ||
+ | |||
+ | # The first `session' module | ||
+ | # pam_selinux.so close should be the first session rule | ||
+ | session required pam_selinux.so close | ||
+ | |||
+ | # The last `session' module | ||
+ | # pam_selinux.so open should only be followed by sessions to be executed in the user context | ||
+ | session required pam_selinux.so open verbose | ||
+ | |||
+ | |||
+ | == ALT Linux aspects == | ||
+ | |||
+ | |||
+ | Add patch for policycoreutils-newrole has patch, that adds to Linux capabilities: CAP_SETGID & CAP_AUDIT_WRITE. | ||
+ | For more info look up at: http://git.altlinux.org/gears/p/policycoreutils.git | ||
+ | |||
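Review bot: the sentence under "ALT Linux aspects" ("Add patch for policycoreutils-newrole has patch, that adds to Linux capabilities: CAP_SETGID & CAP_AUDIT_WRITE.") does not parse, so a reader cannot tell whether the package already carries the patch or whether they are expected to apply one; state which, and name the binary that receives the two capabilities. In the "Update Grub config" step, the list "enforcing=1" / "log_buf_len=1M" is given without saying that these are further kernel parameters for the same GRUB_CMDLINE_LINUX_DEFAULT string or what each one changes; one clause per item would do. The pam_exec.so line for /etc/pam.d/newrole also keeps the "debug" option with no remark on whether it is meant to stay in a permanent configuration.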
Revision as of 09:55, 22 April 2013
How to get a working SELinux ALT Linux policy
Install policy
Install the package selinux-policy-altlinux.
Update Grub config
Update the GRUB configuration file /etc/sysconfig/grub2:
    GRUB_CMDLINE_LINUX_DEFAULT='panic=30 quiet splash security=selinux selinux=1'
It is also possible to add:
- enforcing=1
- log_buf_len=1M
PAM configuration
- Add to /etc/pam.d/newrole, _before_ the `pam_namespace.so' module:
    session required pam_exec.so debug /etc/security/alt.newrole/helper /etc/security/alt.newrole/config
- Add to /etc/pam.d/common-login:
    # The first `session' module
    # pam_selinux.so close should be the first session rule
    session required pam_selinux.so close

    # The last `session' module
    # pam_selinux.so open should only be followed by sessions to be executed in the user context
    session required pam_selinux.so open verbose
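A check for the three configuration steps above, as an added example that is not part of the wiki page or of ALT Linux. The function names are hypothetical and the file paths are the ones the page gives. It fails when a rule has ended up inside a comment line or in the wrong order.

```shell
#!/bin/sh
# Added example (not from the wiki page): verify the GRUB and PAM settings above.
# Assumption: rule order is checked inside each file only; includes are not followed.

# Succeed if GRUB_CMDLINE_LINUX_DEFAULT in file $1 has security=selinux and selinux=1.
check_grub_cmdline() {
    args=$(grep -E '^[[:space:]]*GRUB_CMDLINE_LINUX_DEFAULT=' "$1" 2>/dev/null | tail -n 1 |
           sed -e 's/^[^=]*=//' -e "s/[\"']/ /g")
    for want in security=selinux selinux=1; do
        case " $args " in
            *" $want "*) ;;          # parameter present as a whole word
            *) return 1 ;;
        esac
    done
}

# Print the active (uncommented) session rules of PAM file $1.
session_rules() {
    grep -E '^[[:space:]]*-?session[[:space:]]' "$1" 2>/dev/null
}

# Succeed if the first session rule is "pam_selinux.so close" and the last is "pam_selinux.so open".
check_common_login() {
    session_rules "$1" | head -n 1 |
        grep -Eq 'pam_selinux\.so([[:space:]].*)?[[:space:]]close([[:space:]]|$)' || return 1
    session_rules "$1" | tail -n 1 |
        grep -Eq 'pam_selinux\.so([[:space:]].*)?[[:space:]]open([[:space:]]|$)'
}

# Succeed if the alt.newrole helper rule precedes the first pam_namespace.so rule in $1.
check_newrole() {
    helper=$(session_rules "$1" | grep -n 'pam_exec\.so.*/etc/security/alt\.newrole/helper' | head -n 1 | cut -d: -f1)
    ns=$(session_rules "$1" | grep -n 'pam_namespace\.so' | head -n 1 | cut -d: -f1)
    [ -n "$helper" ] || return 1
    [ -z "$ns" ] || [ "$helper" -lt "$ns" ]   # no pam_namespace.so rule: nothing to precede
}

# With a directory argument, check the files under it ("/" for the running system).
if [ -n "${1:-}" ]; then
    r=${1%/}
    check_grub_cmdline "$r/etc/sysconfig/grub2" || echo "grub2: SELinux kernel parameters missing"
    check_common_login "$r/etc/pam.d/common-login" || echo "common-login: pam_selinux.so close/open not first/last"
    check_newrole "$r/etc/pam.d/newrole" || echo "newrole: helper rule missing or after pam_namespace.so"
fi
```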
ALT Linux aspects
policycoreutils-newrole has a patch that adds the Linux capabilities CAP_SETGID and CAP_AUDIT_WRITE. For more information, see: http://git.altlinux.org/gears/p/policycoreutils.git