Arch Linux

Nicky726

Member

From: Czech Republic

Registered: 2008-02-15

Posts: 142

Website

Re: SELinux and Arch

Updated SELinux enabled kernel to 2.6.34, here is a link for the tarball at edisk: http://www.edisk.cz/stahnout-soubor/793 … .29KB.html (same as at the AUR page).

---

"Although the masters make the rules
For the wise men and the fools
I got nothing, Ma, to live up to."

Nicky726

Member

From: Czech Republic

Registered: 2008-02-15

Posts: 142

Website

Re: SELinux and Arch

Added selinux-util-linux-ng package to AUR, plan to add other SELinux aware packages soon.

---

"Although the masters make the rules
For the wise men and the fools
I got nothing, Ma, to live up to."

Nicky726

Member

From: Czech Republic

Registered: 2008-02-15

Posts: 142

Website

Re: SELinux and Arch

Added selinux-udev package to AUR, updated the wiki page.

---

"Although the masters make the rules
For the wise men and the fools
I got nothing, Ma, to live up to."

Allan

Pacman

From: Brisbane, AU

Registered: 2007-06-09

Posts: 11,410

Website

Re: SELinux and Arch

You are doing a great job with this...  ever considered becoming TU and bringing the basic components for SELinux back into the [community] repo?

---

PGP Key: F99FFE0FEAE999BD

Nicky726

Member

From: Czech Republic

Registered: 2008-02-15

Posts: 142

Website

Re: SELinux and Arch

Added selinux-findutils package to AUR.

To Allan: Thank you, it's basically just [core] packages with some simple tweaks. As for TU, well I don't think I'm ready for that, it would be good for the packages though. Will try to gain some more experience and we'll see.

---

"Although the masters make the rules
For the wise men and the fools
I got nothing, Ma, to live up to."

Nicky726

Member

From: Czech Republic

Registered: 2008-02-15

Posts: 142

Website

Re: SELinux and Arch

Added selinux-sudo package to AUR.

---

"Although the masters make the rules
For the wise men and the fools
I got nothing, Ma, to live up to."

Nicky726

Member

From: Czech Republic

Registered: 2008-02-15

Posts: 142

Website

Re: SELinux and Arch

Added selinux-procps and selinux-psmisc packages to AUR.

---

"Although the masters make the rules
For the wise men and the fools
I got nothing, Ma, to live up to."

Nicky726

Member

From: Czech Republic

Registered: 2008-02-15

Posts: 142

Website

Re: SELinux and Arch

Added selinux-shadow package to AUR. Configuration of  PAM (/etc/pam.d/login) is part of this package (now according to SELinux wiki: http://selinuxproject.org/page/NB_PAM). Updated Arch wiki to reflect the change.

---

"Although the masters make the rules
For the wise men and the fools
I got nothing, Ma, to live up to."

Nicky726

Member

From: Czech Republic

Registered: 2008-02-15

Posts: 142

Website

Re: SELinux and Arch

Added selinux-cronie and selinux-logrotate to AUR.

---

"Although the masters make the rules
For the wise men and the fools
I got nothing, Ma, to live up to."

Nicky726

Member

From: Czech Republic

Registered: 2008-02-15

Posts: 142

Website

Re: SELinux and Arch

Added selinux-openssh to AUR. This concludes my latest efforts to bring SELinux-aware system utilities (mentioned here: http://userspace.selinuxproject.org/trac/wiki/Userland
) to Arch Linux.

My next goal is to make installing SELinux in Arch a bit more user-friendly. I will try to provide meta-package and incorporate some more changed configuration files to existing packages to minimize the level of user manual editing. I would also like to suply compiled policy package.

Keep your fingers crossed for me.

---

"Although the masters make the rules
For the wise men and the fools
I got nothing, Ma, to live up to."

ngoonee

Forum Fellow

From: Between Thailand and Singapore

Registered: 2009-03-17

Posts: 7,356

Re: SELinux and Arch

Impressive effort. I'm not a big fan of security (read: paranoia), and thus not of SELinux, but its very good to see users contributing to scratch their own itch. Or in other words "linux as its meant to be".

---

Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Nicky726

Member

From: Czech Republic

Registered: 2008-02-15

Posts: 142

Website

Re: SELinux and Arch

All SELinux packages have some groups assigned, that is selinux, selinux-userspace, selinux-system-utilities and selinux-extras. Don't know how much can AUR use it, but it can be used when querring local repo, or uninstalling all selinux related packages (if you really want to do that).

Package selinux-setools now builds again (SWIG version check).

Updated the wiki.

Package selinux-flex doesn't build at my selinux-testing machine though it builds at my other machine, it actually should not need any SELinux, so it's wierd. Will look at it.

Last edited by Nicky726 (2010-08-24 11:30:16)

---

"Although the masters make the rules
For the wise men and the fools
I got nothing, Ma, to live up to."

Nicky726

Member

From: Czech Republic

Registered: 2008-02-15

Posts: 142

Website

Re: SELinux and Arch

Added package selinux-refpolicy to AUR. It's just modular vanilla refpolicy with an install script, so it is no longer needed for user to build the refpolicy manually. This package now owns the main configuration file, as it seemed more proper to me (hope I didn't caused troubles by changing it from libselinux). Updated the wiki page. And made the selinux-refpolicy, selinux-refpolicy-src and selinux-usr-libselinux more follow Arch Linux packaging standards (others will follow).

Ideas and feedback about selinux-refpolicy would be extremely appreciated.

---

"Although the masters make the rules
For the wise men and the fools
I got nothing, Ma, to live up to."

colyte

Member

Registered: 2009-05-16

Posts: 8

Re: SELinux and Arch

Great work.

Keep it up!

Nicky726

Member

From: Czech Republic

Registered: 2008-02-15

Posts: 142

Website

Re: SELinux and Arch

Found out, that half of SELinux userspace utilities depends on python2, thanx to Cosimo Sacco. So I hotfixed it, made the dependency explicite and did some testing, so it should compile and work fine. Though I feel kinda ashamed this alluded me for so long. :-(

---

"Although the masters make the rules
For the wise men and the fools
I got nothing, Ma, to live up to."

Nicky726

Member

From: Czech Republic

Registered: 2008-02-15

Posts: 142

Website

Re: SELinux and Arch

I started to develop a patch to the refpolicy that will make its usage on the Arch more pleasant. For now, there is not much included, but I will try to give it more in my free time. If you would like to help with patching refpolicy, or just suggesting what should be done, please contact me. For now I have just a local git repo and patches cated to one file, I'd want to make it public accessible in the future.

Package selinux-refpolicy-arch added.

---

"Although the masters make the rules
For the wise men and the fools
I got nothing, Ma, to live up to."

xangelux

Member

Registered: 2010-05-29

Posts: 73

Re: SELinux and Arch

Great work, i will read more about all the pros about using SELinux (i'm very curious), I want to test it but the wiki scared me so i didn't test it on my working coputer. I'll read more about it and try it on a virtual machine.