On Fri, Apr 13, 2007 at 07:50:32PM +0200, Sven Arvidsson wrote:
> On Fri, 2007-04-13 at 19:38 +0200, Raphael wrote:
> > I want to learn the selinux in debian etch, but, it is very hard to find
> > the right documentation about it. I want to learn what the default state
> > in etch is now and how to change this. Is there a good start-howto?
> >
> > Google doesn't show me good documentation... :(
> >
> > selinux isn't new anymore???
>
> I haven't played with it myself, but here are some links, suggesting
> starting points.
>
> http://wiki.debian.org/SELinux
> - Seems to have good instructions for setup and common issues.
>
> http://etbe.blogspot.com/2006/12/se-linux-on-debian-in-5-minutes.html
> - SE Linux on Debian in 5 minutes
>
> And last, Erich Schubert has been working on SELinux for Debian for a
> long time, and blogging quite a lot about it.
> http://blog.drinsama.de/erich/en/linux/selinux/
>

This[0] looks interesting. And there is a list[1] but it's not very active although I'd expect someone to answer.
As for the 'default' state of SELinux, I'd make a few comments. Etch (and beyond) has SELinux support. This means that when you install Etch, it can be used, but it's not active by default. You can add a boot parameter 'selinux=1' iirc to make it active. And then you need a /selinux directory to be created. Then you can start with using 'enforcing=0' boot parameter to allow SELinux to just create AVC messages as a way to test your system. And after you fix any SELinux issues, then you can use 'enforcing=1'.

At this moment iirc there is good support for targeted mode while strict mode is still being worked on. Targeted mode is less secure and only targets 'network facing interfaces and programs' which is the more common need. Strict mode tried to make all processes secure and required much more work and may require further tweaking to your system. But read etbe's blog entry for what is needed.

-Kev

[0] http://sourceforge.net/docman/display_doc.php?docid=14882&group_id=21266
[1] http://lists.alioth.debian.org/mailman/listinfo/selinux-user

-k
-- 
|  .''`.  == Debian GNU/Linux == |       my web site:           |
| : :' :      The  Universal     |mysite.verizon.net/kevin.mark/|
| `. `'      Operating System    | go to counter.li.org and     |
|   `-    http://www.debian.org/ | be counted! #238656          |
|  my keyserver: subkeys.pgp.net | my NPO: cfsg.org             |
|join the new debian-community.org to help Debian!              |
|_______  Unless I ask to be CCd, assume I am subscribed _______|
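
Added example, not part of the original message or of any Debian tool: a shell check that maps a kernel command line to the rollout stages the reply describes (not active, selinux=1 with enforcing=0, then enforcing=1) and compares it with the live state under /selinux. The function names are hypothetical, the sample command lines are constructed, and it assumes, as the reply says, that SELinux stays inactive without selinux=1.

```shell
#!/bin/sh
# Added example: classify the SELinux rollout stage described in the reply.
# Assumption (from the reply): without selinux=1 on the kernel command line,
# SELinux is not active on Etch. Function names are hypothetical.

# Print disabled | permissive | enforcing for a kernel command line string.
# When a parameter is repeated, the last occurrence is used.
selinux_boot_stage() {
    sel=0 enf=0
    for word in $1; do
        case $word in
            selinux=*)   sel=${word#selinux=} ;;
            enforcing=*) enf=${word#enforcing=} ;;
        esac
    done
    if [ "$sel" != 1 ]; then echo disabled
    elif [ "$enf" = 1 ]; then echo enforcing
    else echo permissive
    fi
}

# Print the live state under a root directory (default /): the /selinux
# directory from the reply must exist, and /selinux/enforce reads 0 or 1
# once selinuxfs is mounted on it.
selinux_live_state() {
    root=${1:-}
    if [ ! -d "$root/selinux" ]; then echo no-mountpoint
    elif [ ! -r "$root/selinux/enforce" ]; then echo not-mounted
    elif [ "$(cat "$root/selinux/enforce")" = 1 ]; then echo enforcing
    else echo permissive
    fi
}

# Constructed sample command lines, one per stage of the rollout.
for cmdline in \
    "root=/dev/hda1 ro" \
    "root=/dev/hda1 ro selinux=1 enforcing=0" \
    "root=/dev/hda1 ro selinux=1 enforcing=1"
do
    printf '%-45s -> %s\n' "$cmdline" "$(selinux_boot_stage "$cmdline")"
done

# On a real system, compare what was requested at boot with what is live.
if [ -r /proc/cmdline ]; then
    echo "boot: $(selinux_boot_stage "$(cat /proc/cmdline)")  live: $(selinux_live_state)"
fi
```

A boot stage of permissive with a live state of no-mountpoint or not-mounted points at the missing /selinux directory step.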