Rajinder Yadav wrote: > --- On Sun, 7/5/09, Justin P. Mattock<[email protected]> wrote: > > >> From: Justin P. Mattock<[email protected]> >> Subject: Re: SELinux >> To: "LFS Support List"<[email protected]> >> Received: Sunday, July 5, 2009, 10:46 AM >> Michael Tsang wrote: >> >>> On Sunday 05 July 2009 16:43:10 Rajinder Yadav wrote: >>> >>> >>>> I noticed one of the switch passed when building >>>> >> glibc is --without-selinux >> >>>> I assume the resulting LFS system, will it be >>>> >> missing Security Enhancement? >> >>>> If so what is required to build a SE LFS system. >>>> >>>> I assume SE is part of the Linux kernel and thus >>>> >> needs to be built as part >> >>>> of the Linux kernel? >>>> >>>> Kind Regards, >>>> Rajinder Yadav >>>> >>>> >>>> >>>> >> __________________________________________________________________ >> >>>> The new Internet Explorer® 8 - Faster, safer, >>>> >> easier. Optimized for Yahoo! >> >>>> Get it Now for Free! at http://downloads.yahoo.com/ca/internetexplorer/ >>>> >>>> >>> In which ver. and ch. does the book told you to do so? >>> >> The book does not told >> >>> me to do so (I am using SVN-20090629). Also, you need >>> >> to enable SELinux in the >> >>> kernel to make it works. >>> >>> Michael Tsang >>> >>> >> Even under hlfs there's not much about SELinux. >> If you wanted SELinux I would imagine you would start >> by having all of the security >> headers/libs(libselinux,libaudit,libattr,etc..) >> before building libc, then after libc making sure all other >> apps/libs >> that give >> an SElinux switch are turned on. Then once thats done >> grab refpolicy >> and start locking down your system. >> >> Justin P. Mattock >> >> -- >> http://linuxfromscratch.org/mailman/listinfo/lfs-support >> FAQ: http://www.linuxfromscratch.org/lfs/faq.html >> Unsubscribe: See the above information page >> >> > Hi Justin, > > thank you for the pointers, SeLinux LFS sounds like a plan down the road, > something else to get into and learn =) > > Kind Regards, > Rajinder Yadav > > > __________________________________________________________________ > Looking for the perfect gift? Give the gift of Flickr! > > http://www.flickr.com/gift/ > Well, If you need to its possible, I myself run an LFS system with an SELinux policy running(latest refpolicy from tresys). just remember that you need to tell your packages early in the build process that you want to enable SELinux, or for example coreutils ls -Z won't show the contexts)
Justin P. Mattock -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
