[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Enabling SELinux on a custom kernel

From: Stephen Smalley <sds tycho nsa gov>
To: Jan Kasprzak <kas fi muni cz>
Cc: fedora-selinux-list <fedora-selinux-list redhat com>
Subject: Re: Enabling SELinux on a custom kernel
Date: Tue, 08 Jul 2008 08:24:07 -0400

On Tue, 2008-07-08 at 11:10 +0200, Jan Kasprzak wrote:
> 	Hello,
> 
> 	how do I enable SELinux on a custom kernel? I have looked into
> the system initrd, and it seems the policy is loaded by the "loadpolicy"
> command in nash. Is it possible to use SELinux with Fedora without
> having to use initrd?

Prior to Fedora 9, Fedora used a patched /sbin/init program to perform
the initial policy load (it would load policy and then re-exec itself in
order to enter the correct domain).  Fedora 9 switched over to loading
policy from the initrd.

Your options would seem to be:
- use an initrd (easiest),
- re-patch your /sbin/init program,
- try to do it from inittab or rc.sysinit (but the problem there is that
it doesn't get /sbin/init itself into the right domain).

-- 
Stephen Smalley
National Security Agency

Follow-Ups:
- Postfix avcs (Re: Enabling SELinux on a custom kernel)
  - From: Jan Kasprzak
- Re: Enabling SELinux on a custom kernel
  - From: Serge E. Hallyn

References:
- Enabling SELinux on a custom kernel
  - From: Jan Kasprzak

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]