Sl: различия между версиями
Stanv (обсуждение | вклад) (Новая страница: «write me Категория:Features Категория:Admin {{Category navigation|title=Features|category=Features|sortkey={{SUBPAGENAME}}}}») |
Stanv (обсуждение | вклад) Нет описания правки |
||
Строка 1: | Строка 1: | ||
== Howto get working SeLinux AltLinux policy == | |||
=== Install policy === | |||
Install package selinux-policy-altlinux | |||
=== Update Grub config === | |||
Update configuration GRUB's file: /etc/sysconfig/grub2: | |||
GRUB_CMDLINE_LINUX_DEFAULT='panic=30 quiet splash security=selinux selinux=1' | |||
It is also possible to add: | |||
* enforcing=1 | |||
* log_buf_len=1M | |||
=== PAM configuration === | |||
* Add to /etc/pam.d/newrole _before_ `pam_namespace.so' module | |||
session required pam_exec.so debug /etc/security/alt.newrole/helper /etc/security/alt.newrole/config | |||
* Add to /etc/pam.d/common-login: | |||
# The first `session' module | |||
# pam_selinux.so close should be the first session rule | |||
session required pam_selinux.so close | |||
# The last `session' module | |||
# pam_selinux.so open should only be followed by sessions to be executed in the user context | |||
session required pam_selinux.so open verbose | |||
== ALT Linux aspects == | |||
Add patch for policycoreutils-newrole has patch, that adds to Linux capabilities: CAP_SETGID & CAP_AUDIT_WRITE. | |||
For more info look up at: http://git.altlinux.org/gears/p/policycoreutils.git | |||
Версия от 12:55, 22 апреля 2013
Howto get working SeLinux AltLinux policy
Install policy
Install package selinux-policy-altlinux
Update Grub config
Update configuration GRUB's file: /etc/sysconfig/grub2:
GRUB_CMDLINE_LINUX_DEFAULT='panic=30 quiet splash security=selinux selinux=1'
It is also possible to add:
- enforcing=1
- log_buf_len=1M
PAM configuration
- Add to /etc/pam.d/newrole _before_ `pam_namespace.so' module
session required pam_exec.so debug /etc/security/alt.newrole/helper /etc/security/alt.newrole/config
- Add to /etc/pam.d/common-login:
# The first `session' module # pam_selinux.so close should be the first session rule session required pam_selinux.so close
# The last `session' module # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open verbose
ALT Linux aspects
Add patch for policycoreutils-newrole has patch, that adds to Linux capabilities: CAP_SETGID & CAP_AUDIT_WRITE. For more info look up at: http://git.altlinux.org/gears/p/policycoreutils.git