[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Enabling SELinux on a custom kernel

From: Jan Kasprzak <kas fi muni cz>
To: "Serge E. Hallyn" <serue us ibm com>
Cc: fedora-selinux-list <fedora-selinux-list redhat com>
Subject: Re: Enabling SELinux on a custom kernel
Date: Wed, 9 Jul 2008 16:05:37 +0200

Serge E. Hallyn wrote:
: Quoting Stephen Smalley (sds tycho nsa gov):
: > Your options would seem to be:
: > - use an initrd (easiest),
: > - re-patch your /sbin/init program,
: > - try to do it from inittab or rc.sysinit (but the problem there is that
: > it doesn't get /sbin/init itself into the right domain).
: 
: Aaaah.  I was wondering why my new f9-based kvm image wasn't enabling
: selinux when I started it with "-kernel bzImage".  That's going to be
: a bit of a pain, as I assume I'll have to import the kernel tree into
: the f9 image in order to create an initrd.

	Mkinitrd does not need the kernel tree, just the modules installed
in /lib/modules/`uname -r`, some libraries from /lib{,64}, and some
configuration files (mdadm.conf, fstab, ld.so.conf). I had to iterate
over

	mkinitrd /boot/initrd-2.6.25.10 2.6.25.10

adding --builtin=... options until it succeeded, and the resulting initrd
worked (at least it did load the SELinux policy).

-Yenya

-- 
| Jan "Yenya" Kasprzak  <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839      Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/    Journal: http://www.fi.muni.cz/~kas/blog/ |
>>  If you find yourself arguing with Alan Cox, you’re _probably_ wrong.  <<
>>     --James Morris in "How and Why You Should Become a Kernel Hacker"  <<

References:
- Enabling SELinux on a custom kernel
  - From: Jan Kasprzak
- Re: Enabling SELinux on a custom kernel
  - From: Stephen Smalley
- Re: Enabling SELinux on a custom kernel
  - From: Serge E. Hallyn

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]