LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 09-16-2006, 10:47 PM   #1
dansawyer
Member
 
Registered: Mar 2005
Posts: 124

Rep: Reputation: 15
where to get selinux kernel patchs?


All,

Where are the selinux kernel patchs? They do not appear to be in the kernel.org sources. The kernel level is 2.6.16.9. There are no selinux configuration options in this kernel.

Thanks - Dan
 
Old 09-16-2006, 10:57 PM   #2
dansawyer
Member
 
Registered: Mar 2005
Posts: 124

Original Poster
Rep: Reputation: 15
The post may be in error. The ..source /security dir show selinux files. The raw source may be in the kernel.org source. However no option is offered in make xconfig to turn selinux on. Does anyone know what would cause this?

- Dan
 
Old 09-17-2006, 01:12 PM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
it should be in the security options or something...

http://www.linux-magazin.de/Artikel/...linux/abb3.jpg

BTW, if you really wanna use 2.6.16.y, i recommend that you upgrade to 2.6.16.29, which is the latest 2.6.16.y at the time of this post... then again, your 2.6.16.9 might have been a typo...
 
Old 09-17-2006, 02:05 PM   #4
dansawyer
Member
 
Registered: Mar 2005
Posts: 124

Original Poster
Rep: Reputation: 15
Thanks,

That is what I thought. This is what appears in security options:

#
# Security options
#
# CONFIG_KEYS is not set
CONFIG_SECURITY=y
# CONFIG_SECURITY_NETWORK is not set
CONFIG_SECURITY_CAPABILITIES=m
# CONFIG_SECURITY_ROOTPLUG is not set
# CONFIG_SECURITY_SECLVL is not set

SELinux does not appear.

- Dan
 
Old 09-17-2006, 02:29 PM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
what term did you grep for?? try grepping for SELINUX...

this is what my ubuntu box's config looks like:
Code:
win32sux@lisa:~$ cat /boot/config-2.6.15-26-386 | grep SELINUX
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
 
Old 09-17-2006, 02:36 PM   #6
dansawyer
Member
 
Registered: Mar 2005
Posts: 124

Original Poster
Rep: Reputation: 15
I just downloaded the latest .6 kernel from kernel.org and untared it. I tried both make oldconfig and make config.

SELinux did not show up anywhere.

???

- Dan
 
Old 09-17-2006, 04:09 PM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by dansawyer
I just downloaded the latest .6 kernel from kernel.org and untared it. I tried both make oldconfig and make config.

SELinux did not show up anywhere.

???

- Dan
well, i guess i'll download the latest 2.6 (2.6.17.13) from kernel.org too then to show you exactly where the options are... or were you referring to the latest from the 2.6.16.y branch (2.6.16.29)??

ah, whatever - i'll download them both...

Last edited by win32sux; 09-17-2006 at 04:18 PM.
 
Old 09-17-2006, 05:19 PM   #8
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
i downloaded 2.6.16.29, but i'm having trouble getting "make xconfig" to work cuz of some qt dependancies... but i did a "make menuconfig" and the selinux options are right where you'd expect them to be (in Security Options):
Code:
[*] Enable access key retention support                                                                          │ │
  │ │ [ ]   Enable the /proc/keys file by which all keys may be viewed                                                 │ │
  │ │[*] Enable different security models                                                                             │ │
  │ │[*]   Socket and Networking Security Hooks                                                                       │ │
  │ │ [ ]     XFRM (IPSec) Networking Security Hooks (NEW)                                                             │ │
  │ │ <M>   Default Linux Capabilities                                                                                 │ │
  │ │ <M>   Root Plug Support                                                                                          │ │
  │ │ <M>   BSD Secure Levels                                                                                          │ │
  │ │[*] NSA SELinux Support                                                                                          │ │
  │ │[*]   NSA SELinux boot parameter                                                                                 │ │
  │ │ (0)     NSA SELinux boot parameter default value                                                                 │ │
  │ │[*]   NSA SELinux runtime disable                                                                                │ │
  │ │[*]   NSA SELinux Development Support                                                                            │ │
  │ │[*]   NSA SELinux AVC Statistics                                                                                 │ │
  │ │ (1)   NSA SELinux checkreqprot default value                                                                     │ │
  │ │
the same goes for 2.6.17.13:
Code:
[*] Enable access key retention support                                                     │ │
  │ │                      [ ]   Enable the /proc/keys file by which all keys may be viewed                            │ │
  │ │[*] Enable different security models                                                        │ │
  │ │[*]   Socket and Networking Security Hooks                                                  │ │
  │ │                      [ ]     XFRM (IPSec) Networking Security Hooks (NEW)                                        │ │
  │ │                      <M>   Default Linux Capabilities                                                            │ │
  │ │                      <M>   Root Plug Support                                                                     │ │
  │ │                      <M>   BSD Secure Levels                                                                     │ │
  │ │[*] NSA SELinux Support                                                                     │ │
  │ │[*]   NSA SELinux boot parameter                                                            │ │
  │ │                      (0)     NSA SELinux boot parameter default value                                            │ │
  │ │[*]   NSA SELinux runtime disable                                                           │ │
  │ │[*]   NSA SELinux Development Support                                                       │ │
  │ │[*]   NSA SELinux AVC Statistics                                                            │ │
  │ │                      (1)   NSA SELinux checkreqprot default value
so i'm not sure why you aren't getting/finding those options... they are DEFINITELY there - in fact, it's my understanding that selinux has been a part of 2.6 since the start...

Last edited by win32sux; 09-17-2006 at 05:24 PM.
 
Old 09-17-2006, 09:52 PM   #9
dansawyer
Member
 
Registered: Mar 2005
Posts: 124

Original Poster
Rep: Reputation: 15
I re-checked the 2.6.17.13 file. The various config tools show Enable Access Key R... option. However turning on does not bring up the SELinux options.

- Dan
 
Old 09-18-2006, 11:06 PM   #10
dansawyer
Member
 
Registered: Mar 2005
Posts: 124

Original Poster
Rep: Reputation: 15
All - I got help with the answer:

1. use make menuconfig
2. enter the / command
3. search for selinux
4. go to the bottom and make sure all the depends are satisfied.

(in my case it was the 'audit' dependency.

- Dan
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Debian Etch/PPC SELinux kernel panic, glibc and policy.20 RavenOfOdin Debian 0 08-08-2006 08:15 PM
SELinux Vagrant Arch 3 02-24-2006 10:06 PM
is selinux installad?? slack Kernel 2.6.14 Mainframe Slackware 1 11-11-2005 06:10 AM
FC3 + SELinux + Vanilla kernel jymbo Fedora 7 11-25-2004 08:45 PM
Linux Patchs dmoyer33 Linux - Software 3 08-04-2003 09:55 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration