Gentoo Archives: gentoo-hardened

From: Tad <tadglines@×××××××.net>
To: 'Chris PeBenito' <pebenito@g.o>, 'Hardened Gentoo Mail List' <gentoo-hardened@g.o>
Subject: RE: [gentoo-hardened] Non-initrd SELinux initial policy loading
Date: Mon, 24 Nov 2003 23:25:26
Message-Id: 001f01c3b2e2$35353ba0$0301a8c0@sprite
In Reply to: [gentoo-hardened] Non-initrd SELinux initial policy loading by Chris PeBenito
First let me say that seinit is a great idea. It'll make working on the
policy a little more convenient.

I just tried it, however, and it didn't work. All the really useful error
messages zipped by too fast to read, but as far as I could tell the policy
loaded but everything after that failed due to permission denied.

I tried re-labeling seinit so its context type was init_exec_t instead of
sbin_t but that didn't work.

Is there a policy change needed for this to work?

-Tad

> -----Original Message-----
> From: Chris PeBenito [mailto:pebenito@g.o]
> Sent: Monday, November 24, 2003 10:15 AM
> To: Hardened Gentoo Mail List
> Subject: [gentoo-hardened] Non-initrd SELinux initial policy loading
>
> For those interested in not using the initrd for doing the initial
> SELinux policy load, it's now possible. For those who still want to
> continue to use the initrd, you can simply ignore this email.
> /sbin/seinit will load the policy, and then exec the real init
> (/sbin/init). No more forgetting to regenerate the initrd :) . If you
> choose to not use the initrd anymore, you can also unmerge mkinitrd.
>
> Instructions:
> 1. make sure you have policycoreutils-1.2-r2 (/sbin/seinit should exist)
> 2. remove the initrd line from your bootloader, and add
> init=/sbin/seinit to the kernel command line.
>
> GRUB Example:
>
> title=linux
> root (hd0,0)
> kernel /bzImage root=/dev/hda3 init=/sbin/seinit gentoo=nodevfs
>
>
> LILO Example:
>
> image=/boot/bzImage
> label=linux
> read-only
> root=/dev/hda3
> append="init=/sbin/seinit gentoo=nodevfs"
>
>
> --
> Chris PeBenito
> <pebenito@g.o>
> Developer,
> Hardened Gentoo Linux
> Embedded Gentoo Linux
>
> Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
> Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243

--
gentoo-hardened@g.o mailing list
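
A way to check the two steps in the quoted instructions before rebooting, as an added example that is not part of either message or of policycoreutils. The function name, the optional ROOT_PREFIX argument (for checking a mounted system), and the sample file names are assumptions; the sample configs are constructed.

```shell
#!/bin/sh
# Added example: verify the seinit boot setup described in the instructions.
# Usage: check_seinit_boot BOOTLOADER_CONFIG [ROOT_PREFIX]
# ROOT_PREFIX is a hypothetical convenience for checking a mounted tree.
check_seinit_boot() {
    cfg=$1
    root=${2:-}
    # Step 1: /sbin/seinit must exist and be executable.
    if [ ! -x "$root/sbin/seinit" ]; then
        echo "FAIL: $root/sbin/seinit missing or not executable"
        return 1
    fi
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 1; }
    # Step 2: no initrd line may remain, and every GRUB "kernel" line or
    # LILO "append=" line must carry init=/sbin/seinit.
    awk '
        /^[ \t]*#/ { next }    # skip comment lines
        /^[ \t]*initrd[ \t=]/ {
            print "FAIL line " NR ": initrd still configured"; bad = 1
        }
        /^[ \t]*(kernel[ \t]|append[ \t]*=)/ {
            entries++
            if ($0 !~ /[ \t"]init=\/sbin\/seinit([ \t"]|$)/) {
                print "FAIL line " NR ": init=/sbin/seinit not set"; bad = 1
            }
        }
        END {
            if (!entries) { print "FAIL: no kernel or append line"; bad = 1 }
            exit bad + 0
        }
    ' "$cfg"
}

# Constructed demo: the GRUB example from the post, and a stale entry that
# still boots the stock init through an initrd (file name made up).
demo=$(mktemp -d)
mkdir -p "$demo/sbin" && : > "$demo/sbin/seinit" && chmod +x "$demo/sbin/seinit"
printf '%s\n' 'title=linux' 'root (hd0,0)' \
    'kernel /bzImage root=/dev/hda3 init=/sbin/seinit gentoo=nodevfs' > "$demo/good.conf"
printf '%s\n' 'title=linux' 'root (hd0,0)' \
    'kernel /bzImage root=/dev/hda3 gentoo=nodevfs' 'initrd /initrd' > "$demo/stale.conf"
for f in good stale; do
    if check_seinit_boot "$demo/$f.conf" "$demo"; then
        echo "$f.conf: OK"
    else
        echo "$f.conf: needs fixing"
    fi
done
rm -rf "$demo"
```

This checks only the bootloader side of the instructions; it says nothing about whether the loaded policy permits what runs after seinit.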

Replies

Subject Author
RE: [gentoo-hardened] Non-initrd SELinux initial policy loading Chris PeBenito <pebenito@g.o>