Converting an installed Gentoo to Gentoo SELinux
Converting to Gentoo SELinux (the system filesystem must be ext2/3 or xfs)
1.
# rm -f /etc/make.profile
# ln -sf /usr/portage/profiles/selinux/2004.1/x86 /etc/make.profile
2. Update Kernel Headers
# emerge -s linux-headers
If gentoolkit is installed, you can do it this way:
# qpkg -I -v linux-headers
If the linux-headers version is lower than 2.4.20, a newer one must be installed:
# emerge \>=sys-kernel/linux-headers-2.4.20
3. Upgrade glibc
# emerge glibc
4. emerge the SELinux kernel
# emerge hardened-dev-sources
When running make menuconfig:
[code]
Under "Code maturity level options"
[*] Prompt for development and/or incomplete code/drivers
Under "General setup"
[*] Auditing support
Under "File systems"
<*> Second extended fs support (If using ext2)
[*] Ext2 extended attributes
[ ] Ext2 POSIX Access Control Lists
[*] Ext2 Security Labels
<*> Ext3 journalling file system support (If using ext3)
[*] Ext3 extended attributes
[ ] Ext3 POSIX Access Control Lists
[*] Ext3 Security labels
<*> XFS filesystem support (If using XFS)
[ ] Realtime support (EXPERIMENTAL)
[ ] Quota support
[ ] ACL support
[*] Security Labels
[ ] /dev file system support (EXPERIMENTAL)
[*] /dev/pts file system for Unix98 PTYs (This option does not appear in 2.6, it is always on)
[*] /dev/pts Extended Attributes
[*] /dev/pts Security Labels
Under "Security options"
[*] Enable different security models
[*] Socket and Networking Security Hooks
<*> Capabilities Support
[*] NSA SELinux Support
[ ] NSA SELinux boot parameter
[ ] NSA SELinux runtime disable
[*] NSA SELinux Development Support
[ ] NSA SELinux MLS policy (EXPERIMENTAL)
[/code]
5. Rewrite /etc/fstab
Add:
none /dev/pts devpts gid=5,mode=620 0 0
none /selinux selinuxfs defaults 0 0
Create the mount points:
# mkdir /selinux
# mkdir /sys
6. The boot loader must have this added:
gentoo=nodevfs
Reboot.
7. Install the packages SELinux requires
# emerge libselinux checkpolicy policycoreutils
# emerge selinux-base-policy
# cd /etc/security/selinux/src/policy
# make load
8. Install the system packages patched for SELinux
# emerge sysvinit pam coreutils findutils openssh pam-login procps psmisc shadow util-linux python-selinux
Other optional ones are:
app-admin/logrotate
sys-apps/fcron
sys-apps/vixie-cron
sys-libs/pwdb
9. Uninstall what is not needed
# emerge -C textutils fileutils sh-utils
10. Label Filesystems:
# cd /etc/security/selinux/src/policy
# make relabel
Reboot, then once more:
# cd /etc/security/selinux/src/policy
# make relabel
ok, done! After converting to SELinux, will there be more restrictions in an ordinary usage environment?!
Unfortunately my system is reiserfs, so I have no chance to try it :)
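
The prerequisites named in the procedure (an ext2/3 or xfs root filesystem, the two fstab entries from step 5, and the `gentoo=nodevfs` boot parameter from step 6) can be checked in one pass before loading the policy and relabeling. This shell function is an added example, not part of the original post; the name `selinux_preflight` and its argument order are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the
# filesystem requirement and for steps 5 and 6 of the procedure.
# Usage: selinux_preflight [fstab] [mounts] [cmdline]
# Prints one line per problem; the return status is the number of problems.
selinux_preflight() {
    fstab=${1:-/etc/fstab}
    mounts=${2:-/proc/mounts}
    cmdline=${3:-/proc/cmdline}
    problems=0

    # Root filesystem type: the last entry mounted on / wins, because an
    # initial "rootfs" line may precede the real device.
    rootfs=$(awk '$2 == "/" { t = $3 } END { print t }' "$mounts")
    case "$rootfs" in
        ext2|ext3|xfs) ;;
        *) echo "root filesystem is '$rootfs'; need ext2, ext3 or xfs"
           problems=$((problems + 1)) ;;
    esac

    # Step 5: fstab must carry both entries; commented-out lines do not count.
    for want in "/dev/pts devpts" "/selinux selinuxfs"; do
        mp=${want% *}; fs=${want#* }
        if ! awk -v mp="$mp" -v fs="$fs" \
            '$1 !~ /^#/ && $2 == mp && $3 == fs { found = 1 } END { exit !found }' "$fstab"
        then
            echo "fstab: no $fs entry mounted on $mp"
            problems=$((problems + 1))
        fi
    done

    # Step 6: the boot loader must pass gentoo=nodevfs as a whole parameter.
    if ! tr ' \t' '\n\n' < "$cmdline" | grep -qx 'gentoo=nodevfs'; then
        echo "kernel command line lacks gentoo=nodevfs"
        problems=$((problems + 1))
    fi

    return "$problems"
}
```

Called with no arguments it reads the live `/etc/fstab`, `/proc/mounts` and `/proc/cmdline`; the boot-parameter check is only meaningful after the reboot in step 6.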