LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   selinux and slackware (https://www.linuxquestions.org/questions/slackware-14/selinux-and-slackware-623343/)

mjgreen 02-23-2008 01:41 PM
selinux and slackware
 
Anyone tried it?

Yes, I know there's some outdated build scripts on the slackware for distributions site; I've updated these to latest selinux packages/latest slack, however those particular builds add PAM and some other stuff to slack, which I don't want to do.

truthfatal 02-24-2008 10:55 PM
There was a discussion on the NSA Mailing list for SELinux a while back (Google selinux +"without PAM")
The discussion seems to indicate that some policy tweaking can rid you for the PAM requirement.

Quote:
SELinux doesn't strictly require the use of PAM; you can port it to Slackware without necessarily converting to PAM. Using SELinux without PAM (and pam_selinux) just requires policy modifications to allow direct program reading of /etc/shadow and direct patching of login. pam_selinux was actually introduced by Red Hat when they integrated SELinux into Fedora Core; prior to that, login was directly patched for SELinux. So an alternative path is to resurrect the old login patch for SELinux and adjust policy accordingly.

--
Stephen Smalley
National Security Agency
http://www.nsa.gov/selinux/list-arch...ead_body60.cfm

/*
If you can find the patch mentioned in this link ( http://www.engardelinux.org/modules/...&month=2007-12 ) You would probably have something very helpful. ;)
*/

mjgreen 02-25-2008 07:03 AM
Quote:
Originally Posted by truthfatal (Post 3068742)
There was a discussion on the NSA Mailing list for SELinux a while back (Google selinux +"without PAM")
The discussion seems to indicate that some policy tweaking can rid you for the PAM requirement.


http://www.nsa.gov/selinux/list-arch...ead_body60.cfm

/*
If you can find the patch mentioned in this link ( http://www.engardelinux.org/modules/...&month=2007-12 ) You would probably have something very helpful. ;)
*/
Yup, that may have been me (though not me in the thread u posted). You can get rid of PAM, its just resurrecting the patch (and finding it first)

vbatts 09-09-2008 09:37 PM
i'm not sure that the patch will be your golden ticket, but if you want to find it, its inside an rpm src package.

package name 'util-linux-2.11y-31.2.src.rpm', of course version info maybe different.

mirror page
http://www.filewatcher.com/m/util-li...52730.0.0.html


then just 'rpm2cpio util-linux-2.11y-31.2.src.rpm | cpio -idvm ' and you see it extracted the 'util-linux-selinux.patch' file you were referring to.

vb


All times are GMT -5. The time now is 12:58 PM.