SELinux reference links:
 NSA SELinux main website — http://www.nsa.gov/selinux/
 
 NSA SELinux FAQ — http://www.nsa.gov/selinux/info/faq.cfm
 
 http://fedora.redhat.com/docs/selinux-faq-fc2/
 
 http://fedora.redhat.com/docs/selinux-faq-fc3/
 
 SELinux community page — http://selinux.sourceforge.net
 
 UnOfficial FAQ — http://www.crypt.gen.nz/selinux/faq.html
 
 Writing SE Linux policy HOWTO — https://sourceforge.net/docman/display_doc.php?docid=21959&group_id=21266
 
 Getting Started with SE Linux HOWTO: the new SE Linux (Debian) — https://sourceforge.net/docman/display_doc.php?docid=20372&group_id=21266
 
Discussion:
 
 On IRC — irc.freenode.net, #fedora-selinux
 
 Fedora mailing list — mailto:[email protected]; read the archives or subscribe at http://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
The procedure is basically the same as a normal Gentoo installation.
A few points need attention:
 
 
 
1. Download an SELinux stage,
for example stage1-x86-selinux-2004.2.tar.bz2, and install the base system.
When chrooting, run:
 # mount -t proc none /mnt/gentoo/proc
 # mount -t selinuxfs none /mnt/gentoo/selinux
 # chroot /mnt/gentoo /bin/bash
 # env-update
 # source /etc/profile
 # emerge sync.........
 
2. When installing and configuring the kernel (by the way, SELinux only supports ext2/3 and XFS), choose from:
 selinux-sources (the base 2.4 kernel source with SELinux patch),
 hardened-sources (kernel source patched with SELinux and other security features),
 hardened-dev-sources (kernel v2.6 source patched with other security features)
hardened-dev-sources is recommended:
 
 # emerge hardened-dev-sources
 
In make menuconfig, pay attention to the following:
 Under "Code maturity level options"
 Prompt for development and/or incomplete code/drivers
 
 Under "General setup"
 Auditing support
 
 Under "File systems"
 <*> Second extended fs support (If using ext2)
 Ext2 extended attributes
 [ ] Ext2 POSIX Access Control Lists
 Ext2 Security Labels
 <*> Ext3 journalling file system support (If using ext3)
 Ext3 extended attributes
 [ ] Ext3 POSIX Access Control Lists
 Ext3 security labels
 <*> XFS filesystem support (If using XFS)
 [ ] Realtime support (EXPERIMENTAL)
 [ ] Quota support
 [ ] ACL support
 Security Labels
 
 /proc file system support
 [ ] /dev file system support (EXPERIMENTAL)
 /dev/pts file system for Unix98 PTYs (This option does not appear in 2.6, it is always on)
 /dev/pts Extended Attributes
 /dev/pts Security Labels
 Virtual memory file system support (former shm fs)
 
 Under "Security options"
 Enable different security models
 Socket and Networking Security Hooks
 <*> Capabilities Support
 NSA SELinux Support
 [ ] NSA SELinux boot parameter
 [ ] NSA SELinux runtime disable
 NSA SELinux Development Support
 [ ] NSA SELinux MLS policy (EXPERIMENTAL)
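
The checklist above can be audited after make menuconfig. The script below is an added example, not part of the original post; it treats the unmarked and <*> entries as enabled and the [ ] entries as disabled. The CONFIG_ names are the 2.6-era Kconfig symbols assumed to correspond to the menu entries, and the script name check.sh and the sample config are constructed.

```shell
#!/bin/sh
# Added example: audit a kernel .config against the step-2 checklist.
# ASSUMPTION: these are the 2.6-era Kconfig symbols behind the menu entries;
# confirm each one with the "/" search in menuconfig for your kernel tree.
ON="EXPERIMENTAL AUDIT PROC_FS TMPFS DEVPTS_FS_XATTR DEVPTS_FS_SECURITY
SECURITY SECURITY_NETWORK SECURITY_CAPABILITIES SECURITY_SELINUX
SECURITY_SELINUX_DEVELOP"
OFF="DEVFS_FS SECURITY_SELINUX_BOOTPARAM SECURITY_SELINUX_DISABLE
SECURITY_SELINUX_MLS"

is_on() { grep -q "^CONFIG_$1=y\$" "$2"; }   # usage: is_on SYMBOL FILE

# Prints one line per deviation; returns 0 only if the config matches.
check_selinux_config() {
    cfg=$1 want_on=$ON want_off=$OFF labelled_fs=0 rc=0
    # Label/ACL options only apply to filesystems that are built in (<*>).
    for fs in EXT2 EXT3; do
        if is_on "${fs}_FS" "$cfg"; then
            labelled_fs=1
            want_on="$want_on ${fs}_FS_XATTR ${fs}_FS_SECURITY"
            want_off="$want_off ${fs}_FS_POSIX_ACL"
        fi
    done
    if is_on XFS_FS "$cfg"; then
        labelled_fs=1
        want_on="$want_on XFS_SECURITY"
        want_off="$want_off XFS_RT XFS_QUOTA XFS_POSIX_ACL"
    fi
    [ "$labelled_fs" -eq 1 ] || { echo "NO-FS ext2/ext3/XFS not built in"; rc=1; }
    for s in $want_on; do
        is_on "$s" "$cfg" || { echo "MISSING CONFIG_$s"; rc=1; }
    done
    for s in $want_off; do
        if is_on "$s" "$cfg"; then echo "UNWANTED CONFIG_$s"; rc=1; fi
    done
    return $rc
}

# Constructed sample: ext3 built in without security labels, devfs left on.
sample_config() { printf 'CONFIG_%s=y\n' $ON EXT3_FS EXT3_FS_XATTR DEVFS_FS; }

if [ -n "${1:-}" ]; then        # real use: sh check.sh /usr/src/linux/.config
    check_selinux_config "$1"
else                            # no argument: audit the constructed sample
    t=$(mktemp); sample_config >"$t"
    check_selinux_config "$t" || true
    rm -f "$t"
fi
```

A filesystem built as a module does not count as built in here, matching the <*> entries in the checklist.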
 
 
 
3. Write /etc/fstab
Do not remove these default entries:
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
none /selinux selinuxfs defaults 0 0
 
4. When writing the bootloader configuration, add gentoo=nodevfs
 
5. After the installation is finished, before rebooting, relabel the filesystems:
 
 # cd /etc/security/selinux/src/policy/
 Adjust policy version if needed.
 # make load
 # make chroot_relabel
 
Reboot:
 # exit
 # umount /mnt/gentoo/proc /mnt/gentoo/selinux /mnt/gentoo
 # reboot
 
Relabel again:
 # cd /etc/security/selinux/src/policy
 # make relabel
 
6. Add a regular user
 # useradd john -m -G users,wheel,audio,tty -s /bin/bash
 # passwd john
Add a line to /etc/security/selinux/src/policy/users:
 
 user john roles { staff_r sysadm_r };
 
After that, emerge xorg, gnome and so on.