Nicolas Greneche | 9 Feb 16:11

[uml-user] SELinux inside a UML

Hi,

I would like to create an SELinux-aware UML. I compiled an ARCH=um kernel 
with SELinux activated.

The UML starts but SELinux seems to be disabled. Libselinux is installed 
so I have userspace tools to check selinux availability and mode 
(permissive, targeted or strict).

Does somebody have positive feedback about putting SELinux inside a UML?

Regards,

-- 
Nicolas Grenèche

Centre de Ressources Informatiques
Université Paris NORD / UP13
99, avenue Jean-Baptiste Clément
93430 Villetaneuse

Tel : 01 49 40 40 35
Fax : 01 48 22 81 50


Re: [uml-user] SELinux inside a UML

On Thu, Feb 9, 2012 at 4:11 PM, Nicolas Greneche
<nicolas.greneche <at> univ-paris13.fr> wrote:
> Hi,
>
> I would like to create a SELinux aware UML. I compiled a ARCH=um kernel
> with SELinux activated.

Are you sure?

> The UML starts but SELinux seems to be disabled. Libselinux is installed
> so I have userspace tools to check selinux availability and mode
> (permissive, targeted or strict).
>
> Does somebody have a positive feedback about putting SELinux inside a UML ?
>

Just built a SELinux enabled UML kernel and booted FC16.
SELinux seems to work.
At least it stops me from doing anything as usual. ;-)

type=1400 audit(1328961679.588:10): avc:  denied  { entrypoint } for
pid=666 comm="login" path="/bin/bash" dev="ubda" ino=3539
scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file

-- 
Thanks,
//richard


Nicolas Greneche | 13 Feb 10:52

Re: [uml-user] SELinux inside a UML

On 11/02/2012 13:03, richard -rw- weinberger wrote:
> On Thu, Feb 9, 2012 at 4:11 PM, Nicolas Greneche
> <nicolas.greneche <at> univ-paris13.fr>  wrote:
>> Hi,
>>
>> I would like to create a SELinux aware UML. I compiled a ARCH=um kernel
>> with SELinux activated.
>
> Are you sure?
>

Really sure ;)

>> The UML starts but SELinux seems to be disabled. Libselinux is installed
>> so I have userspace tools to check selinux availability and mode
>> (permissive, targeted or strict).
>>
>> Does somebody have a positive feedback about putting SELinux inside a UML ?
>>
>
> Just built a SELinux enabled UML kernel and booted FC16.
> SELinux seems to work.
> At least it stops me from doing anything as usual. ;-)

Thanks for your feedback, now I'm sure that it is possible. I will keep 
on searching for what I've done wrong.

Thank you again Richard !

>

Re: [uml-user] SELinux inside a UML

On Mon, Feb 13, 2012 at 10:52 AM, Nicolas Greneche
<nicolas.greneche <at> univ-paris13.fr> wrote:
> On 11/02/2012 13:03, richard -rw- weinberger wrote:
>
>> On Thu, Feb 9, 2012 at 4:11 PM, Nicolas Greneche
>> <nicolas.greneche <at> univ-paris13.fr>  wrote:
>>>
>>> Hi,
>>>
>>> I would like to create a SELinux aware UML. I compiled a ARCH=um kernel
>>> with SELinux activated.
>>
>>
>> Are you sure?
>>
>
> Really sure ;)

I meant, are you sure you've enabled the correct SELinux settings?
CONFIG_DEFAULT_SECURITY is a tricky one...

-- 
Thanks,
//richard


Nicolas Greneche | 13 Feb 14:54

Re: [uml-user] SELinux inside a UML

On 13/02/2012 11:34, richard -rw- weinberger wrote:
> On Mon, Feb 13, 2012 at 10:52 AM, Nicolas Greneche
> <nicolas.greneche <at> univ-paris13.fr>  wrote:
>> On 11/02/2012 13:03, richard -rw- weinberger wrote:
>>
>>> On Thu, Feb 9, 2012 at 4:11 PM, Nicolas Greneche
>>> <nicolas.greneche <at> univ-paris13.fr>    wrote:
>>>>
>>>> Hi,
>>>>
>>>> I would like to create a SELinux aware UML. I compiled a ARCH=um kernel
>>>> with SELinux activated.
>>>
>>>
>>> Are you sure?
>>>
>>
>> Really sure ;)
>
> I meant, are you sure you've enabled the correct SELinux settings?
> CONFIG_DEFAULT_SECURITY is a tricky one...
>

That's it, I misunderstood this option. I changed from classic DAC to 
SELinux and it works.

Thanks Richard for spotting this configuration setting for me!

-- 
Nicolas Grenèche
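
Added example, not part of the thread or of any participant's message: a check of a kernel .config for the situation resolved above, where SELinux is compiled in but CONFIG_DEFAULT_SECURITY still selects classic DAC. The function names and the sample configs are constructed for illustration; the CONFIG_* symbols are those of kernels from the thread's era (newer kernels select LSMs through CONFIG_LSM).

```shell
#!/bin/sh
# Classify how a kernel .config sets up SELinux (added example).

# Print the value of a config symbol, or nothing if it is unset.
cfg_value() {  # $1 = .config path, $2 = symbol
    sed -n "s/^$2=//p" "$1" | tr -d '"' | head -n 1
}

# Print one of: not-built | built-not-default | boot-disabled | default
selinux_config_state() {  # $1 = .config path
    [ "$(cfg_value "$1" CONFIG_SECURITY_SELINUX)" = "y" ] || { echo not-built; return; }
    default_lsm=$(cfg_value "$1" CONFIG_DEFAULT_SECURITY)
    if [ "$default_lsm" != "selinux" ]; then
        echo built-not-default   # the situation described in the thread
        return
    fi
    # With the boot parameter compiled in, a default value of 0 keeps
    # SELinux off unless selinux=1 is passed on the kernel command line.
    if [ "$(cfg_value "$1" CONFIG_SECURITY_SELINUX_BOOTPARAM)" = "y" ] &&
       [ "$(cfg_value "$1" CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE)" = "0" ]; then
        echo boot-disabled
        return
    fi
    echo default
}

# Constructed sample config (not taken from the thread).
make_sample() {  # $1 = output path, $2 = default LSM name ("" = classic DAC)
    cat > "$1" <<EOF
CONFIG_SECURITY=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_DEFAULT_SECURITY="$2"
EOF
}

tmpdir=$(mktemp -d)
make_sample "$tmpdir/dac.config" ""
make_sample "$tmpdir/selinux.config" "selinux"
echo "DAC default:     $(selinux_config_state "$tmpdir/dac.config")"
echo "SELinux default: $(selinux_config_state "$tmpdir/selinux.config")"
rm -rf "$tmpdir"
```

Inside the booted UML, `sestatus` or `getenforce` from the userspace tools confirms the result at run time.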