Selinux installation

Message

flipper203 · Post by **flipper203** » Sun Nov 05, 2006 5:35 pm

Hello, I tryed to install SElinux, following the handbook. I have some questions about this handbook:

Which is the SELinux profile for gentoo 2006.1 ? in the handbook they say to link to the profile /usr/portage/profiles/selinux/2005.1/x86 which is a 2005 profile.

When the hardened sources is installed, do we have to change the link of /usr/src/linux to take the hardened sources when recompiling the kernel ?

nixnut · Post by **nixnut** » Sun Nov 05, 2006 5:37 pm

The 2006.1 selinux profile is for the new reference policy. But you can't use that profile yet if you want to harden your system with pie/ssp. The new profile needs gcc-4.1 and glibc-2.4

flipper203 · Post by **flipper203** » Sun Nov 05, 2006 5:41 pm

so for the moment I have to use the 2005 profile? (Sorry but I m trying to install SElinux since some days and I ll try to do a full reinstall, so I want to be sure that it will work!!)

nixnut · Post by **nixnut** » Sun Nov 05, 2006 6:23 pm

Yeah, best to stick with the 2005.1 profile for now. That way you can follow the guide.

flipper203 · Post by **flipper203** » Mon Nov 13, 2006 8:27 pm

So, I tried to do a clean install of gentoo, then SELinux, following the handbook but I still have an issue, when I execute the sestatus command, I get the following error:

Code: Select all

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          error (No such file or directory)
Policy version:                 20
Policy from config file:        security

But the selinux-base-policy is installed

Code: Select all

([ebuild   R   ] sec-policy/selinux-base-policy-20051022-r1  USE="-build" 0 kB)

The directory /etc/selinux is missing in my installation. I don't understand what I did wrong. Could anybody give me a clue about this problem, I m really anoyed about this.

And I can't emerge pam, I get an error.

my kernel version is 2.6.17-hardened-r1, and it is pam-0.78-r3 that doesn't emerge

Thanks

flipper203 · Post by **flipper203** » Tue Nov 14, 2006 8:48 pm

up, nobody has any clue for me?

ovaron_gen · Post by **ovaron_gen** » Sun Nov 19, 2006 12:44 am

flipper203 wrote:up, nobody has any clue for me?

i dont think the "Mode from config file: error (No such file or directory) " is a problem.

nixnut · Post by **nixnut** » Sun Nov 19, 2006 2:11 pm

Try asking on the gentoo-hardened mailling list or on irc in #gentoo-hardened on the freenode network