Gentoo SELinux installation (x86)

SELinux reference links:

NSA SELinux main website ― http://www.nsa.gov/selinux/

NSA SELinux FAQ ― http://www.nsa.gov/selinux/info/faq.cfm

http://fedora.redhat.com/docs/selinux-faq-fc2/

http://fedora.redhat.com/docs/selinux-faq-fc3/

SELinux community page ― http://selinux.sourceforge.net

UnOfficial FAQ ― http://www.crypt.gen.nz/selinux/faq.html

Writing SE Linux policy HOWTO ― https://sourceforge.net/docman/d ... &group_id=21266

Getting Started with SE Linux HOWTO: the new SE Linux (Debian) ― https://sourceforge.net/docman/d ... &group_id=21266

Discussion:

On IRC ― irc.freenode.net, #fedora-selinux

Fedora mailing list ― mailto:fedora-selinux-list@redhat.com; read the archives or subscribe at http://www.redhat.com/mailman/listinfo/fedora-selinux-list

The procedure is basically the same as a normal Gentoo install;
the points to watch are:

1. Download a SELinux stage, e.g. stage1-x86-selinux-2004.2.tar.bz2, and install the base system.
When chrooting you need:
# mount -t proc none /mnt/gentoo/proc
# mount -t selinuxfs none /mnt/gentoo/selinux
# chroot /mnt/gentoo /bin/bash
# env-update
# source /etc/profile
# emerge sync
...

2. When installing and configuring the kernel (note: SELinux only supports ext2/3 and XFS), the choices are:
selinux-sources (the base 2.4 kernel source with SELinux patch),
hardened-sources (kernel source patched with SELinux and other security features),
hardened-dev-sources (kernel v2.6 source patched with other security features).
hardened-dev-sources is recommended:

# emerge hardened-dev-sources

When running make menuconfig, pay attention to the following:
Under "Code maturity level options"
[*] Prompt for development and/or incomplete code/drivers

Under "General setup"
[*] Auditing support

Under "File systems"
<*> Second extended fs support (If using ext2)
[*]   Ext2 extended attributes
[ ]     Ext2 POSIX Access Control Lists
[*]     Ext2 Security Labels
<*> Ext3 journalling file system support (If using ext3)
[*]   Ext3 extended attributes
[ ]     Ext3 POSIX Access Control Lists
[*]     Ext3 security labels   
<*> XFS filesystem support (If using XFS)
[ ]   Realtime support (EXPERIMENTAL)
[ ]   Quota support
[ ]   ACL support
[*]   Security Labels

[*] /proc file system support
[ ] /dev file system support (EXPERIMENTAL)
[*] /dev/pts file system for Unix98 PTYs (This option does not appear in 2.6, it is always on)
[*]   /dev/pts Extended Attributes
[*]     /dev/pts Security Labels   
[*] Virtual memory file system support (former shm fs)

Under "Security options"
[*] Enable different security models
[*] Socket and Networking Security Hooks
<*> Capabilities Support
[*] NSA SELinux Support
[ ]   NSA SELinux boot parameter
[ ]   NSA SELinux runtime disable
[*]   NSA SELinux Development Support
[ ]   NSA SELinux MLS policy (EXPERIMENTAL)
3. When writing /etc/fstab, the default lines
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0
none /selinux selinuxfs defaults 0 0
must not be removed.

4. When writing the bootloader configuration, add gentoo=nodevfs to the kernel line.

5. After the installation is complete and before rebooting, relabel the filesystems:

# cd /etc/security/selinux/src/policy/
Adjust policy version if needed.
# make load
# make chroot_relabel

Reboot:
# exit
# umount /mnt/gentoo/proc /mnt/gentoo/selinux /mnt/gentoo
# reboot

Relabel again:
# cd /etc/security/selinux/src/policy
# make relabel

6. Add a normal user:
# useradd john -m -G users,wheel,audio,tty -s /bin/bash
# passwd john
Add a line to /etc/security/selinux/src/policy/users:

user john roles { staff_r sysadm_r };

Then emerge xorg, gnome and so on...
Poling a long punt, I drift toward where the grass is greener; with a boat full of starlight, I sing amid the glittering stars.
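The following checks for steps 3, 4 and 6 are an added example and not part of the original post: they verify that /etc/fstab still carries the four pseudo-filesystem lines, that the bootloader kernel line carries gentoo=nodevfs, and that the policy users file declares roles for the new user. The file contents and the function names are constructed for the demo; on a real system pass in the actual file contents instead.

```shell
#!/bin/sh
# Added example, not part of the original post: checks that the files
# written in steps 3, 4 and 6 say what the guide expects. The functions
# take file contents as text so the demo runs offline on constructed
# samples; on a real box feed them "$(cat /etc/fstab)" and so on.

# Constructed /etc/fstab with the /selinux line deliberately left out.
SAMPLE_FSTAB='/dev/hda3 / ext3 noatime 0 1
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
none /dev/pts devpts gid=5,mode=620 0 0'

# Constructed GRUB kernel line carrying the step 4 parameter.
SAMPLE_GRUB='kernel /boot/kernel-2.6 root=/dev/hda3 gentoo=nodevfs'

# Constructed policy users file with the step 6 entry.
SAMPLE_USERS='user system_u roles system_r;
user root roles { staff_r sysadm_r };
user john roles { staff_r sysadm_r };'

# fstab_missing FSTAB_TEXT: prints the step 3 mount points that are absent
# (matched on mount point *and* fs type) and returns 1 if any is missing.
fstab_missing() {
    missing=""
    for want in "proc /proc" "tmpfs /dev/shm" "devpts /dev/pts" "selinuxfs /selinux"; do
        fstype=${want%% *} mnt=${want##* }
        printf '%s\n' "$1" | awk -v m="$mnt" -v t="$fstype" \
            '$1 !~ /^#/ && $2 == m && $3 == t { found = 1 } END { exit !found }' \
            || missing="$missing $mnt"
    done
    printf '%s' "${missing# }"
    [ -z "$missing" ]
}

# kernel_has_nodevfs GRUB_TEXT: succeeds if a kernel line carries gentoo=nodevfs.
kernel_has_nodevfs() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*kernel[[:space:]].*[[:space:]]gentoo=nodevfs([[:space:]]|$)'
}

# user_roles USERS_TEXT USER: prints the roles declared for USER, empty if none.
user_roles() {
    printf '%s\n' "$1" |
        sed -n "s/^user $2 roles *{ *\(.*[^ ]\) *};.*/\1/p; s/^user $2 roles *\([a-z_]*\);.*/\1/p"
}

# Demo on the constructed samples.
fstab_missing "$SAMPLE_FSTAB" && echo "fstab: all step 3 mounts present" || echo " <- missing from fstab"
kernel_has_nodevfs "$SAMPLE_GRUB" && echo "bootloader: gentoo=nodevfs set"
echo "john roles: $(user_roles "$SAMPLE_USERS" john)"
```

A mount point listed with the wrong filesystem type (for example /selinux mounted as proc) is reported as missing, since step 3 depends on the type as much as on the path.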


How is this different from plain Gentoo?
