Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
09-16-2006, 10:47 PM
|
#1
|
Member
Registered: Mar 2005
Posts: 124
Rep:
|
where to get selinux kernel patchs?
All,
Where are the selinux kernel patchs? They do not appear to be in the kernel.org sources. The kernel level is 2.6.16.9. There are no selinux configuration options in this kernel.
Thanks - Dan
|
|
|
09-16-2006, 10:57 PM
|
#2
|
Member
Registered: Mar 2005
Posts: 124
Original Poster
Rep:
|
The post may be in error. The ..source /security dir show selinux files. The raw source may be in the kernel.org source. However no option is offered in make xconfig to turn selinux on. Does anyone know what would cause this?
- Dan
|
|
|
09-17-2006, 01:12 PM
|
#3
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
it should be in the security options or something...
http://www.linux-magazin.de/Artikel/...linux/abb3.jpg
BTW, if you really wanna use 2.6.16.y, i recommend that you upgrade to 2.6.16.29, which is the latest 2.6.16.y at the time of this post... then again, your 2.6.16.9 might have been a typo...
|
|
|
09-17-2006, 02:05 PM
|
#4
|
Member
Registered: Mar 2005
Posts: 124
Original Poster
Rep:
|
Thanks,
That is what I thought. This is what appears in security options:
#
# Security options
#
# CONFIG_KEYS is not set
CONFIG_SECURITY=y
# CONFIG_SECURITY_NETWORK is not set
CONFIG_SECURITY_CAPABILITIES=m
# CONFIG_SECURITY_ROOTPLUG is not set
# CONFIG_SECURITY_SECLVL is not set
SELinux does not appear.
- Dan
|
|
|
09-17-2006, 02:29 PM
|
#5
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
what term did you grep for?? try grepping for SELINUX...
this is what my ubuntu box's config looks like:
Code:
win32sux@lisa:~$ cat /boot/config-2.6.15-26-386 | grep SELINUX
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
|
|
|
09-17-2006, 02:36 PM
|
#6
|
Member
Registered: Mar 2005
Posts: 124
Original Poster
Rep:
|
I just downloaded the latest .6 kernel from kernel.org and untared it. I tried both make oldconfig and make config.
SELinux did not show up anywhere.
???
- Dan
|
|
|
09-17-2006, 04:09 PM
|
#7
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally Posted by dansawyer
I just downloaded the latest .6 kernel from kernel.org and untared it. I tried both make oldconfig and make config.
SELinux did not show up anywhere.
???
- Dan
|
well, i guess i'll download the latest 2.6 (2.6.17.13) from kernel.org too then to show you exactly where the options are... or were you referring to the latest from the 2.6.16.y branch (2.6.16.29)??
ah, whatever - i'll download them both...
Last edited by win32sux; 09-17-2006 at 04:18 PM.
|
|
|
09-17-2006, 05:19 PM
|
#8
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
i downloaded 2.6.16.29, but i'm having trouble getting "make xconfig" to work cuz of some qt dependancies... but i did a "make menuconfig" and the selinux options are right where you'd expect them to be (in Security Options):
Code:
[*] Enable access key retention support │ │
│ │ [ ] Enable the /proc/keys file by which all keys may be viewed │ │
│ │[*] Enable different security models │ │
│ │[*] Socket and Networking Security Hooks │ │
│ │ [ ] XFRM (IPSec) Networking Security Hooks (NEW) │ │
│ │ <M> Default Linux Capabilities │ │
│ │ <M> Root Plug Support │ │
│ │ <M> BSD Secure Levels │ │
│ │[*] NSA SELinux Support │ │
│ │[*] NSA SELinux boot parameter │ │
│ │ (0) NSA SELinux boot parameter default value │ │
│ │[*] NSA SELinux runtime disable │ │
│ │[*] NSA SELinux Development Support │ │
│ │[*] NSA SELinux AVC Statistics │ │
│ │ (1) NSA SELinux checkreqprot default value │ │
│ │
the same goes for 2.6.17.13:
Code:
[*] Enable access key retention support │ │
│ │ [ ] Enable the /proc/keys file by which all keys may be viewed │ │
│ │[*] Enable different security models │ │
│ │[*] Socket and Networking Security Hooks │ │
│ │ [ ] XFRM (IPSec) Networking Security Hooks (NEW) │ │
│ │ <M> Default Linux Capabilities │ │
│ │ <M> Root Plug Support │ │
│ │ <M> BSD Secure Levels │ │
│ │[*] NSA SELinux Support │ │
│ │[*] NSA SELinux boot parameter │ │
│ │ (0) NSA SELinux boot parameter default value │ │
│ │[*] NSA SELinux runtime disable │ │
│ │[*] NSA SELinux Development Support │ │
│ │[*] NSA SELinux AVC Statistics │ │
│ │ (1) NSA SELinux checkreqprot default value
so i'm not sure why you aren't getting/finding those options... they are DEFINITELY there - in fact, it's my understanding that selinux has been a part of 2.6 since the start...
Last edited by win32sux; 09-17-2006 at 05:24 PM.
|
|
|
09-17-2006, 09:52 PM
|
#9
|
Member
Registered: Mar 2005
Posts: 124
Original Poster
Rep:
|
I re-checked the 2.6.17.13 file. The various config tools show Enable Access Key R... option. However turning on does not bring up the SELinux options.
- Dan
|
|
|
09-18-2006, 11:06 PM
|
#10
|
Member
Registered: Mar 2005
Posts: 124
Original Poster
Rep:
|
All - I got help with the answer:
1. use make menuconfig
2. enter the / command
3. search for selinux
4. go to the bottom and make sure all the depends are satisfied.
(in my case it was the 'audit' dependency.
- Dan
|
|
|
All times are GMT -5. The time now is 02:32 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|