<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title></title>
</head>
<body>
A lot of the userspace changes are in the SRPMs but turned off. You
can rebuild using <br>
rpmbuild --define "WITH_SELINUX 1" XYZ.rpm to activate the changes.
The SELinux<br>
userspace packages are available on <br>
<br>
<a class="moz-txt-link-freetext" href="ftp://people.redhat.com/dwalsh/SELinux/packages">ftp://people.redhat.com/dwalsh/SELinux/packages</a><br>
<br>
This stuff is very experimental. The code checks to see if there is an
SELinux aware kernel, if not it should work just like the non patched
code.<br>
<br>
Any help would be appreciated.<br>
<br>
Dan<br>
<br>
Michael K. Johnson wrote:<br>
<blockquote type="cite"
cite="mid20030813151526.A12687@devserv.devel.redhat.com">
<pre wrap="">On Wed, Aug 13, 2003 at 03:05:52PM +0100, Paul Nasrat wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On Wed, Aug 13, 2003 at 07:52:57AM -0600, Chris Ricker wrote:
</pre>
<blockquote type="cite">
<pre wrap=""><re-routed to devel list>
</pre>
</blockquote>
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap="">Speaking of which, is there any interest in incorporating RSBAC (preferably)
or SELinux into RHLP, long-term?
</pre>
</blockquote>
<pre wrap="">SELinux architecture has been merged in 2.6.0-test3, so I imagine that
Cambridge++ will have that SELinux in it.
</pre>
</blockquote>
<pre wrap=""><!---->
Well, the technology exists in the kernel source tree, and we
encouraged its inclusion in the mainline tree. But SELinux has
other components, particularly userland code changes and policy.
Policy management is a major job in and of itself. Also, there's
a performance cost to enabling SELinux that needs to be considered.
As I've mentioned before, upstream acceptance is a key point; this
distinguishes SELinux. In addition, Red Hat is specifically working
on SELinux, as mentioned in a webcast we did recently:
<a class="moz-txt-link-freetext" href="https://www.redhat.com/apps/webform.html?event_type=webcast&eid=225">https://www.redhat.com/apps/webform.html?event_type=webcast&eid=225</a>
And the top search response on SELinux on our web site is this page:
<a class="moz-txt-link-freetext" href="http://www.redhat.com/solutions/security/SELinux.html">http://www.redhat.com/solutions/security/SELinux.html</a>
We haven't made a committment to include SELinux in Cambridge++,
nor to not include it. :-) We're certainly actively working on
SELinux, and if there are like-minded developers who want to, say,
participate with us in doing policy work, speak up, and maybe it
will make sense.
I'm personally curious: how many people on this list have worked on
SELinux policy and/or policy tools?
michaelkjohnson
"He that composes himself is wiser than he that composes a book."
Linux Application Development -- Ben Franklin
<a class="moz-txt-link-freetext" href="http://people.redhat.com/johnsonm/lad/">http://people.redhat.com/johnsonm/lad/</a>
--
Rhl-devel-list mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Rhl-devel-list@redhat.com">Rhl-devel-list@redhat.com</a>
<a class="moz-txt-link-freetext" href="http://www.redhat.com/mailman/listinfo/rhl-devel-list">http://www.redhat.com/mailman/listinfo/rhl-devel-list</a>
</pre>
</blockquote>
</body>
</html>