
Re: Selinux available on 2.6.10 powerpc.deb [was: powerpc 2.6.10-2 [ ... ]]



On Thu, Feb 17, 2005 at 11:56:22PM +0100, Sven Luther wrote:
> On Wed, Feb 16, 2005 at 08:51:20PM +0100, Wolfgang Pfeiffer wrote:
> > On Wed, Feb 16, 2005 at 11:55:09AM +0100, Sven Luther wrote:
> > 2.6.10 has "Selinux" support compiled in. :)
> 
> Yes, indeed :
> 
> #
> # Security options
> #
> CONFIG_KEYS=y
> # CONFIG_KEYS_DEBUG_PROC_KEYS is not set
> CONFIG_SECURITY=y
> CONFIG_SECURITY_NETWORK=y
> CONFIG_SECURITY_CAPABILITIES=y
> # CONFIG_SECURITY_ROOTPLUG is not set
> CONFIG_SECURITY_SECLVL=m
> CONFIG_SECURITY_SELINUX=y
> CONFIG_SECURITY_SELINUX_BOOTPARAM=y
> CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
> CONFIG_SECURITY_SELINUX_DISABLE=y
> CONFIG_SECURITY_SELINUX_DEVELOP=y
> # CONFIG_SECURITY_SELINUX_MLS is not set
> 
> I am not sure about this one (or other rarely used options), so I am trying to
> follow the x86 kernels on this.

------------------------
McCarty, in his SELinux Book (O'Reilly, Oct. 2004) suggests the following
settings for a SELinux enabled Kernel:


Under Code Maturity, specify:
Prompt for development and/or incomplete code/drivers


Under Device Drivers --> Character Devices, specify:
UNIX98 PTY
No Legacy (BSD) PTY support


Under File Systems, specify:
Second Extended fs support
Ext2 extended attributes
Ext2 security labels
Ext3 journalling file system support
Ext3 extended attributes
Ext3 security labels


Don't specify POSIX access control lists for either ext2 or ext3.

Under Pseudo filesystems, specify:
/dev/pts Extended Attributes
/dev/pts Security labels

Don't specify
/dev file system support

And finally, under Security options, specify:
Enable different security models
Socket and networking security hooks
Default Linux capabilities
NSA SELinux
NSA SELinux boot parameter
NSA SELinux Development support
--------------------------------

More docs, support etc.:

"Getting Started with Security Enhanced Linux: the new SE Linux":
http://www.lurking-grue.org/

There are special mailing lists for selinux:

I read in the McCarty book that a mailing-list such as the
debian-security one might be a forum for selinux related topics.

NSA list:
http://www.nsa.gov/selinux/info/list.cfm?MenuID=41.1.1.9

Fedora list:
http://www.redhat.com/mailman/listinfo/fedora-selinux-list

And last but not least:
*The* selinux book :) (Several weeks ago it was the only SELinux
primer at all that I knew about):

Bill McCarty:

        SELINUX 
  NSA's Open Source 
Security Enhanced Linux

All in all with about 238 pages. Among them more than 20 pages of
appendices and an index with about 16 pages. With short instructions
how to install the SELinux stuff on Fedora 2, Debian, Gentoo. With
some relatively short notes on Suse and RedHat Enterprise Linux:
http://www.oreilly.com/catalog/selinux/index.html

HTH

Regards
Wolfgang

-- 
Wolfgang Pfeiffer
http://profiles.yahoo.com/wolfgangpfeiffer
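
Added example, not part of the original message: a Python check of a kernel config against the Security options listed in the message, using the CONFIG_ symbols from the quoted config. The pairing of menu labels with symbols and the function names are assumptions of this example.

```python
import re

# Constructed sample: the Security options lines quoted in the message above.
SAMPLE_CONFIG = """\
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_CAPABILITIES=y
# CONFIG_SECURITY_ROOTPLUG is not set
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
"""

# Menu label -> symbol pairing is an assumption of this example.
RECOMMENDED = {
    "Enable different security models": "CONFIG_SECURITY",
    "Socket and networking security hooks": "CONFIG_SECURITY_NETWORK",
    "Default Linux capabilities": "CONFIG_SECURITY_CAPABILITIES",
    "NSA SELinux": "CONFIG_SECURITY_SELINUX",
    "NSA SELinux boot parameter": "CONFIG_SECURITY_SELINUX_BOOTPARAM",
    "NSA SELinux Development support": "CONFIG_SECURITY_SELINUX_DEVELOP",
}

def parse_config(text):
    """Return {symbol: value}; '# CONFIG_X is not set' is recorded as 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"(CONFIG_\w+)=(.*)", line):
            opts[m.group(1)] = m.group(2).strip('"')
        elif m := re.fullmatch(r"#\s*(CONFIG_\w+) is not set", line):
            opts[m.group(1)] = "n"
    return opts

def audit(text):
    """Return (recommended options not built in, notes on runtime behaviour)."""
    opts = parse_config(text)
    missing = [f"{sym} ({label})" for label, sym in RECOMMENDED.items()
               if opts.get(sym) != "y"]
    notes = []
    if opts.get("CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE") == "0":
        notes.append("SELinux is off by default: boot with selinux=1")
    if opts.get("CONFIG_SECURITY_SELINUX_DEVELOP") == "y":
        notes.append("kernel starts permissive unless enforcing=1 is passed")
    if opts.get("CONFIG_SECURITY_SELINUX_DISABLE") == "y":
        notes.append("SELinux can be disabled at runtime before policy load")
    return missing, notes

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

On the quoted config this reports nothing missing, but the first note matters in practice: with CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 the kernel boots with SELinux disabled unless selinux=1 is on the command line.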


