FC2T2 Upgrade & SELinux

netopml at newview.com
Tue Mar 30 14:22:33 UTC 2004


andy at plausible.org (Andy Ross) writes:
> No offense, but I'm hardly a newbie user and the only steps I
> understood above were "reboot". 

Well, if you're hardly a newbie RTFM...

> What's the difference between a policy and a checkpolicy? 

These are 2 different rpms:
Name        : policy                       Relocations: /usr 
Version     : 1.9                               Vendor: Red Hat, Inc.
Release     : 15                            Build Date: Wed 24 Mar 2004 11:28:55 AM EST
Install Date: Mon 29 Mar 2004 11:55:29 AM EST      Build Host: porky.devel.redhat.com
Group       : System Environment/Base       Source RPM: policy-1.9-15.src.rpm
Size        : 6473774                          License: GPL
Signature   : DSA/SHA1, Wed 24 Mar 2004 11:47:55 AM EST, Key ID da84cbd430c9ecf8
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : SELinux example policy configuration
Description :
Security-enhanced Linux is a patch of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux.  The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.

This package contains the SELinux example policy configuration along
with the Flask configuration information and the application
configuration files.

Name        : checkpolicy                  Relocations: /usr 
Version     : 1.8                               Vendor: Red Hat, Inc.
Release     : 1                             Build Date: Mon 15 Mar 2004 08:58:10 AM EST
Install Date: Mon 29 Mar 2004 11:55:27 AM EST      Build Host: tweety.devel.redhat.com
Group       : Development/System            Source RPM: checkpolicy-1.8-1.src.rpm
Size        : 105574                           License: GPL
Signature   : DSA/SHA1, Wed 17 Mar 2004 01:25:42 PM EST, Key ID da84cbd430c9ecf8
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : SELinux policy compiler
Description :
Security-enhanced Linux is a patch of the Linux® kernel and a number
of utilities with enhanced security functionality designed to add
mandatory access controls to Linux.  The Security-enhanced Linux
kernel contains new architectural components originally developed to
improve the security of the Flask operating system. These
architectural components provide general support for the enforcement
of many kinds of mandatory access control policies, including those
based on the concepts of Type Enforcement®, Role-based Access
Control, and Multi-level Security.

This package contains checkpolicy, the SELinux policy compiler.
Only required for building policies.

> Why are the files broken?  What's a label, and what was it set to before
> that was wrong?

The files are not broken, but they don't have any roles associated with them
(see a role as a kind of userid, it grants you rights). And for SELinux to
be working correctly, you need to set the roles on the filesystem, so when
these files get loaded the OS knows which role to use (you see them by
using the -Z option of ls).

Seriously, I just had to read the FAQ to deduce this, it's far from
covering the whole selinux thing but it's a good beginning...
-- 
Mathieu Chouquet-Stringer              E-Mail : mathieu at newview.com
       Never attribute to malice that which can be adequately
                    explained by stupidity.
                     -- Hanlon's Razor --





More information about the fedora-test-list mailing list