SELinux seems to be in a good state, if any interest in trying it out. (targeted anyway)

Jim Cornette fct-cornette at sbcglobal.net
Sun Aug 29 19:47:57 UTC 2004


Michel Salim wrote:
> On Fri, 27 Aug 2004 23:46:19 -0400, Jim Cornette
> <fct-cornette at sbcglobal.net> wrote:
> 
>>After a little trouble getting SELinux to boot on my computer, things
>>look promising with the current state of SELinux running in targeted
>>mode and enforcing. (A lot of advice from the SELinux list conversations)
>>
> 
> 
> Does it work right out-of-the-box or are the words of advice given
> needed to set up SELinux? If it's the former I'll gladly guinea pig
> the AMD64 machine I'm getting next week as a test platform when test2
> comes out.
> 
> Thanks,
> 

I'm sure that AMD64 testing will be very valuable to weed out the 
policies and security-related items. I'm using an i686 system and even 
cron jobs now report no mislabeled files. This is far different than 
FC2test and SELinux.

To get SELinux set up, the below rpms should be installed along with any 
dependent processes.

selinux-policy-targeted
libselinux
selinux-policy-strict

The steps would mostly be to upgrade programs to the latest revision, 
then do something like the below.

Set up your /etc/sysconfig/selinux (actually a symlink to 
/etc/selinux/config ) file to whichever policy desired (strict or 
targeted). Then you would want to set up the mode of enforcement 
(permissive or strict). Permissive displays avc messages in 
/var/log/messages. Strict will halt system at any violation of policy.

Boot into runlevel 1 or 3 so as to have minimal open files. Then you want 
to run as root the below command to have your filesystems labeled.
fixfiles relabel

This will take a while when run for the first time. After the relabeling 
finishes, restart your system.

These are only my recollection of steps needed to initialize SELinux. 
Check out the SELinux list and appropriate websites for more specific 
information.

Jim

-- 
Another name for a Windows tutorial is "crash course".
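
A pre-flight check for the relabel procedure in the message above, as an added example that is not part of the original post. It assumes the config file's SELINUX= key takes enforcing, permissive or disabled and SELINUXTYPE= takes targeted or strict; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): check the SELinux config and
# the current runlevel before running "fixfiles relabel".
# cfg_value and relabel_preflight are hypothetical helper names.

# Print the last uncommented value assigned to KEY ($1) in FILE ($2).
cfg_value() {
    sed -n "s/^[[:space:]]*$1=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" | tail -n 1
}

# relabel_preflight FILE RUNLEVEL
# Prints one line describing the next step; returns 0 only when it is
# appropriate to run "fixfiles relabel" now.
relabel_preflight() {
    cfg=$1
    level=$2
    [ -r "$cfg" ] || { echo "error: cannot read $cfg"; return 1; }
    mode=$(cfg_value SELINUX "$cfg")
    ptype=$(cfg_value SELINUXTYPE "$cfg")
    case $ptype in
        targeted|strict) ;;
        *) echo "error: SELINUXTYPE='$ptype' (want targeted or strict)"; return 1 ;;
    esac
    case $mode in
        enforcing|permissive) ;;
        disabled) echo "skip: SELinux is disabled in $cfg"; return 1 ;;
        *) echo "error: SELINUX='$mode' (want enforcing, permissive or disabled)"; return 1 ;;
    esac
    case $level in
        1|3) echo "ok: policy=$ptype mode=$mode; run 'fixfiles relabel', then reboot" ;;
        *) echo "wait: runlevel $level; switch to runlevel 1 or 3 first"; return 1 ;;
    esac
}

# Constructed sample config, in the layout of /etc/selinux/config.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SELINUX=disabled
SELINUX=permissive
SELINUXTYPE=targeted
EOF
relabel_preflight "$sample" 3
rm -f "$sample"
```

On a real system the first argument would be /etc/selinux/config and the second the current runlevel.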




