3.2 Installing SELinux

     

SELinux can be installed in three fundamental ways:

  • As an integral component of a Linux distribution, installed at the same time as the distribution

  • By using binary or source packages, such as the .deb packages used by Debian GNU/Linux; the ebuilds used by Gentoo Linux; or the RPM packages used by Fedora Core, Red Hat Enterprise Linux, and SUSE Linux

  • By downloading, compiling, and installing the sources provided by the NSA

At the time of writing, only Fedora Core and Gentoo contain SELinux as a fully supported, native facility. So unless you choose one of those distributions, you must install SELinux yourself. If you install SELinux yourself, it's generally much more convenient to do so using packages. However, prebuilt packages are not available for every Linux distribution. Those who are unable or unwilling to use a distribution for which packages are available must compile the sources provided by the NSA. In many cases, the sources must be modified in order to work properly with the distinctive characteristics of a specific Linux distribution.

The following sections explain how to install and initially configure SELinux for several popular Linux distributions. The final section of this chapter explains how to install SELinux using the source code provided by the NSA.

Using X with SELinux

Coaxing SELinux into working with X has proven to be somewhat difficult. Recent releases of SELinux perform much better in this regard than older releases. But they still fall short of perfection . It's common for SELinux users to find that the login screen doesn't appear or that they can't log in.

The KDE Desktop has so far proven more resistant to interoperation with SELinux than its rival desktop, GNOME. The central problem is that various KDE programs run as identically named processes. Thus, SELinux cannot assign these KDE processes to distinct domains. One result of this inability is that KDE's temporary files sometimes cannot be labeled with appropriate domains. Thus, with respect to KDE, SELinux policies tend either to be too restrictive or too lax. We can hope that a future release of KDE or SELinux will somehow address this problem. In the meantime, for those using SELinux, GNOME is generally a better desktop choice than KDE.

If you find yourself unable to log into X, try returning to a text-mode console by pressing Ctrl-Alt-F1. Then log in and reboot the system in non-SELinux mode, as explained in Chapter 4.




SELinux. NSA's Open Source Security Enhanced Linux
Selinux: NSAs Open Source Security Enhanced Linux
ISBN: 0596007167
EAN: 2147483647
Year: 2003
Pages: 100
Authors: Bill McCarty

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net