* debian and initrd with selinux on 2.6.0-test1
@ 2003-07-19 19:15 max barwell
  2003-07-19 21:54 ` Colin Walters
  0 siblings, 1 reply; 2+ messages in thread
From: max barwell @ 2003-07-19 19:15 UTC (permalink / raw)
  To: SElinux list; +Cc: Russell Coker

I had selinux running well on a 2.4 kernel but decided to be a bit more
adventurous, so I am trying to get it going on 2.6.0-test1.

I am using Debian sid and the selinux-2.5-2003071106.tgz set of tools,
from the NSA website.

In an email, Stephen Smalley told me that the userland tools for
2.5 would be fine with 2.6, but one thing in the readme has me stumped:
you have to patch your mkinitrd script to make an initrd image for
selinux. The example given is for patching Red Hat 9's mkinitrd.

I am assuming this is possible; I am not so hot at coding, so
writing my own patch could be a big ask for me. Could someone please
tell/help/point me in the right direction, to get an initrd image for
selinux and Debian?
 

regards Max Barwell



* Re: debian and initrd with selinux on 2.6.0-test1
  2003-07-19 19:15 debian and initrd with selinux on 2.6.0-test1 max barwell
@ 2003-07-19 21:54 ` Colin Walters
  0 siblings, 0 replies; 2+ messages in thread
From: Colin Walters @ 2003-07-19 21:54 UTC (permalink / raw)
  To: max barwell; +Cc: SElinux list, Russell Coker

[-- Attachment #1: Type: text/plain, Size: 850 bytes --]

On Sat, 2003-07-19 at 15:15, max barwell wrote:
> I had selinux running well on a 2.4 kernel but decided to be a bit more
> adventurous, so I am trying to get it going on 2.6.0-test1.
> 
> I am using Debian sid and the selinux-2.5-2003071106.tgz set of tools,
> from the NSA website.

You might want to try my experimental packages (just announced a few
minutes ago); otherwise you will likely end up redoing a lot of the work
that I've already done.

> I am assuming this is possible; I am not so hot at coding, so
> writing my own patch could be a big ask for me. Could someone please
> tell/help/point me in the right direction, to get an initrd image for
> selinux and Debian?

My selinux-policy-default Debian package contains hooks for the Debian
mkinitrd (in initrd-tools) that work for SELinux 2.5.  I've attached the
scripts for reference.


[-- Attachment #2: selinux.initrd-script --]
[-- Type: text/x-sh, Size: 188 bytes --]

#!/bin/sh -e
echo Loading policy
mount -nt selinuxfs none /selinux
/bin/load_policy /etc/security/selinux/policy.15 || (echo "Policy load failed!"; exit 1)
echo Done loading policy


[-- Attachment #3: selinux.mkinitrd-script --]
[-- Type: text/x-sh, Size: 422 bytes --]

#!/bin/sh -e
# Install binary policy file and load_policy utility for loading it.
test -n "$INITRDDIR"
mkdir -p "$INITRDDIR"/selinux
mkdir -p "$INITRDDIR"/etc/security/selinux
mkdir -p "$INITRDDIR"/scripts
cp -a /etc/security/selinux/policy.15 "$INITRDDIR/etc/security/selinux/policy.15"
cp -a /usr/sbin/load_policy "$INITRDDIR/bin/load_policy"
cp -a /usr/share/selinux/initrd-script "$INITRDDIR/scripts/selinux"
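
The mkinitrd hook above copies the binary policy into the image at build time, so the image keeps loading that copy until it is regenerated. The following check of a staging tree is an added example, not part of the thread or of the selinux-policy-default package; the paths are those in the attached scripts, while `check_selinux_initrd`, its ROOT argument and the temp-directory demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check an initrd staging tree
# before it is packed. Paths are the ones used in the attached scripts;
# check_selinux_initrd and its arguments are hypothetical names.

# usage: check_selinux_initrd INITRDDIR [ROOT]
# ROOT is the filesystem the files were copied from (default: /).
check_selinux_initrd() {
    dir=$1
    root=${2:-}
    policy=etc/security/selinux/policy.15
    problems=0
    complain() { echo "initrd check: $*" >&2; problems=$((problems + 1)); }

    # Mount point used by "mount -nt selinuxfs none /selinux".
    [ -d "$dir/selinux" ] || complain "missing mount point /selinux"
    # The loader must be present and executable inside the image.
    [ -x "$dir/bin/load_policy" ] || complain "missing or non-executable /bin/load_policy"
    # The boot-time hook that mounts selinuxfs and loads the policy.
    [ -s "$dir/scripts/selinux" ] || complain "missing /scripts/selinux"

    # The policy is a copy taken when the image was built; if the installed
    # policy changed since, the image would load the old one at boot.
    if [ ! -s "$dir/$policy" ]; then
        complain "missing or empty /$policy"
    elif ! cmp -s "$root/$policy" "$dir/$policy"; then
        complain "/$policy differs from the installed policy (stale image?)"
    fi
    [ "$problems" -eq 0 ]
}

# Constructed demo: a fake root and staging tree under a temp directory.
demo=$(mktemp -d)
mkdir -p "$demo/root/etc/security/selinux" "$demo/initrd/selinux" \
         "$demo/initrd/etc/security/selinux" "$demo/initrd/bin" "$demo/initrd/scripts"
echo policy-v1 > "$demo/root/etc/security/selinux/policy.15"
cp "$demo/root/etc/security/selinux/policy.15" "$demo/initrd/etc/security/selinux/"
printf '#!/bin/sh\n' > "$demo/initrd/bin/load_policy"
chmod +x "$demo/initrd/bin/load_policy"
echo 'echo Loading policy' > "$demo/initrd/scripts/selinux"
check_selinux_initrd "$demo/initrd" "$demo/root" && echo "staging tree OK"
echo policy-v2 > "$demo/root/etc/security/selinux/policy.15"   # policy rebuilt later
check_selinux_initrd "$demo/initrd" "$demo/root" || echo "stale image detected"
```
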
