UNCLASSIFIED - Developing Policies for SELinux on Embedded Systems

HAWKER, Dan 2 (external) Dan.HAWKER at uk4.astrium.eads.net
Tue Jan 8 11:52:14 UTC 2008



Hi All,

Am very much a SELinux Policy Newbie, so please be gentle :)

Have been tasked with generating a series of SELinux policies for some
embedded Linux devices we are developing. Naturally, time is not in
abundance :(

The target system is a special stripped-down FC4 variant (i386, about
80MB footprint) that we have developed in-house for our embedded platform;
it runs a custom 2.6.12ish kernel with some modifications for the
target hardware.

I planned to start with the base reference policy, strip out the bits we
don't need (it only runs our own apps plus the minimum to boot) and then
add policies for our apps. All presuming the relatively old kernel we
are using can handle the ref policy and subsequent libselinux, etc
updates of course.

Obviously with time being of the essence, I'd like a quick and easy way
of developing the appropriate policies. I have looked at the tools that
are available at present (SLIDE, SETools, etc) however tbh am a bit
confused about what would be the best way forward and whether it'll all
work as expected before I spend days/weeks of development time down a
dead end.

Naturally the embedded nature of the hardware means I am unable to
develop directly on the target, and as such SLIDE seems a good tool and,
with the SLIDERemote, would seem a good fit (install SLIDE on my RHEL5
DevBox and connect to my remote target, which has network access but
limited onboard resources). However am just unsure as to whether it will
work as expected or indeed if there is another better route or toolset I
should take.

Any ideas/insights gratefully received :)

Thanks for any help

Dan

--

Dan Hawker
Linux System Administrator
Astrium
http://www.astrium.eads.net
