|
Converting to Gentoo SELinux (the filesystem must be ext2/3 or XFS)
1.
# rm -f /etc/make.profile
# ln -sf /usr/portage/profiles/selinux/2004.1/x86 /etc/make.profile
2.Update Kernel Headers
# emerge -s linux-headers
If gentoolkit is installed, you can do this instead:
# qpkg -I -v linux-headers
If the linux-headers version is lower than 2.4.20, a newer one must be installed:
# emerge \>=sys-kernel/linux-headers-2.4.20
3.Upgrade glibc
# emerge glibc
4.emerge the SELinux kernel
# emerge hardened-dev-sources
When running make menuconfig:
Under "Code maturity level options"
[*] Prompt for development and/or incomplete code/drivers
Under "General setup"
[*] Auditing support
Under "File systems"
<*> Second extended fs support (If using ext2)
[*] Ext2 extended attributes
[ ] Ext2 POSIX Access Control Lists
[*] Ext2 Security Labels
<*> Ext3 journalling file system support (If using ext3)
[*] Ext3 extended attributes
[ ] Ext3 POSIX Access Control Lists
[*] Ext3 Security labels
<*> XFS filesystem support (If using XFS)
[ ] Realtime support (EXPERIMENTAL)
[ ] Quota support
[ ] ACL support
[*] Security Labels
[ ] /dev file system support (EXPERIMENTAL)
[*] /dev/pts file system for Unix98 PTYs (This option does not appear in 2.6, it is always on)
[*] /dev/pts Extended Attributes
[*] /dev/pts Security Labels
Under "Security options"
[*] Enable different security models
[*] Socket and Networking Security Hooks
<*> Capabilities Support
[*] NSA SELinux Support
[ ] NSA SELinux boot parameter
[ ] NSA SELinux runtime disable
[*] NSA SELinux Development Support
[ ] NSA SELinux MLS policy (EXPERIMENTAL)
5.Modify /etc/fstab
Add:
none /dev/pts devpts gid=5,mode=620 0 0
none /selinux selinuxfs defaults 0 0
Create the mount points:
# mkdir /selinux
# mkdir /sys
6.The bootloader entry must include:
gentoo=nodevfs
Reboot.
7.Install the packages SELinux requires
# emerge libselinux checkpolicy policycoreutils
# emerge selinux-base-policy
# cd /etc/security/selinux/src/policy
# make load
8.Install the system packages patched for SELinux
# emerge sysvinit pam coreutils findutils openssh pam-login procps psmisc shadow util-linux python-selinux
Other optional ones:
app-admin/logrotate
sys-apps/fcron
sys-apps/vixie-cron
sys-libs/pwdb
9.Remove what is no longer needed
# emerge -C textutils fileutils sh-utils
10.Label Filesystems:
# cd /etc/security/selinux/src/policy
# make relabel
Reboot, then run it once more:
# cd /etc/security/selinux/src/policy
# make relabel
ok,done! |
|
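A pre-reboot check for steps 4 to 6, added here as an example and not part of the original guide: it verifies the two fstab entries, the gentoo=nodevfs boot parameter, and the filesystem-independent kernel options. The CONFIG_* symbol names are an assumption (the guide gives only menu labels), and the script name check.sh and the .config path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: checks for steps 4-6 before rebooting. File paths are
# arguments, so the checks can also be run on copies of the files.

# has_mount FSTAB MOUNTPOINT FSTYPE: true if an uncommented line matches.
has_mount() {
    awk -v mp="$2" -v fs="$3" '
        /^[ \t]*#/ { next }
        $2 == mp && $3 == fs { found = 1 }
        END { exit !found }' "$1"
}

# has_bootparam CMDLINE_FILE PARAM: true if PARAM is a whole word of the
# kernel command line (for example a copy of /proc/cmdline).
has_bootparam() {
    tr -s ' \t' '\n\n' < "$1" | grep -qxF -- "$2"
}

# kconfig_state KCONFIG SYMBOL: print y or m as set in a kernel .config,
# or n when the symbol is unset or absent.
kconfig_state() {
    v=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${v:-n}"
}

# check_conversion FSTAB CMDLINE_FILE KCONFIG: print every failed check;
# the return status is the number of failures.
check_conversion() {
    fails=0
    has_mount "$1" /dev/pts devpts || { echo "fstab: no devpts entry for /dev/pts"; fails=$((fails + 1)); }
    has_mount "$1" /selinux selinuxfs || { echo "fstab: no selinuxfs entry for /selinux"; fails=$((fails + 1)); }
    has_bootparam "$2" gentoo=nodevfs || { echo "boot: gentoo=nodevfs missing"; fails=$((fails + 1)); }
    # Assumed symbol names for the step 4 menu entries that must be built in.
    for sym in CONFIG_AUDIT CONFIG_SECURITY CONFIG_SECURITY_NETWORK \
               CONFIG_SECURITY_SELINUX CONFIG_SECURITY_SELINUX_DEVELOP; do
        [ "$(kconfig_state "$3" "$sym")" = y ] || { echo "kernel: $sym is not =y"; fails=$((fails + 1)); }
    done
    # Step 4 leaves these two off; either one lets SELinux be switched off.
    for sym in CONFIG_SECURITY_SELINUX_BOOTPARAM CONFIG_SECURITY_SELINUX_DISABLE; do
        [ "$(kconfig_state "$3" "$sym")" = n ] || { echo "kernel: $sym should be unset"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Stand-alone use: sh check.sh /etc/fstab /proc/cmdline /usr/src/linux/.config
if [ "$#" -eq 3 ]; then check_conversion "$@"; fi
```

The ext2, ext3 and XFS label options are not checked because they depend on which filesystem is in use.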