FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 12-04-2009, 05:15 PM
"Dyson, Mark L (IS)"
 
Default Obtaining MLS policy package for RHEL5?

Title: Obtaining MLS policy package for RHEL5?






Hello,


For a test machine I was provided a SunFire X2200 (AMD processors) with RHEL5 pre-installed.* I wasn’t provided the install media.* It currently only has the targeted policy package installed.* Is there a source from which I can download and install the multi-level security package(s)?


I had been pointed to some “LSPP” information based on an earlier question but, aside from my system type not being represented, from appearances those packages were intended for a fresh install based on a strictly limited hardware/software architecture.* I’m not sure how I would be able to use them in my case.


Thanks in advance!

Mark



--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 12-04-2009, 05:31 PM
"Justin P. Mattock"
 
Default Obtaining MLS policy package for RHEL5?

On 12/04/09 10:15, Dyson, Mark L (IS) wrote:

Hello,

For a test machine I was provided a SunFire X2200 (AMD processors) with
RHEL5 pre-installed. I wasn't provided the install media. It currently
only has the targeted policy package installed. Is there a source from
which I can download and install the multi-level security package(s)?

I had been pointed to some "LSPP" information based on an earlier
question but, aside from my system type not being represented, from
appearances those packages were intended for a fresh install based on a
strictly limited hardware/software architecture. I'm not sure how I
would be able to use them in my case.

Thanks in advance!
Mark




--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list


can;t remember, but they do offer
a policy-strict which
might be similiar to mls,
but if you want the full fledged
mls you will need to load refpolicy
from tresys, and change build.conf
to use mls. keep in mind mls
doesn't really work well with the xserver
if that at all.

Justin P. Mattock

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 12-04-2009, 07:56 PM
Dominick Grift
 
Default Obtaining MLS policy package for RHEL5?

On Fri, Dec 04, 2009 at 12:15:07PM -0600, Dyson, Mark L (IS) wrote:
> Hello,
>
> For a test machine I was provided a SunFire X2200 (AMD processors) with
> RHEL5 pre-installed. I wasn't provided the install media. It currently
> only has the targeted policy package installed. Is there a source from
> which I can download and install the multi-level security package(s)?

yum install selinux-policy-mls
edit /etc/selinux/config (replace SELINUXTYPE (targeted by mls)
touch /.autorelabel && reboot

You might want to boot with enforcing=0 in kernel boot line so that relabeling can go ahead and that you can log into the system.

you might also want to check this out:

http://oss.tresys.com/projects/clip
>
> I had been pointed to some "LSPP" information based on an earlier
> question but, aside from my system type not being represented, from
> appearances those packages were intended for a fresh install based on a
> strictly limited hardware/software architecture. I'm not sure how I
> would be able to use them in my case.
>
> Thanks in advance!
> Mark

> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 12-07-2009, 11:33 AM
"Dyson, Mark L (IS)"
 
Default Obtaining MLS policy package for RHEL5?

Dominic,

Many thanks. Could you point me to where I can get that policy file?
The help info I've seen just points me to the RHEL install media, which
I don't have available right now.

The Clip site looks extremely interesting, definitely going to spend
some time there.

Thanks again!
Mark

-----Original Message-----
From: fedora-selinux-list-bounces@redhat.com
[mailto:fedora-selinux-list-bounces@redhat.com] On Behalf Of Dominick
Grift
Sent: Friday, December 04, 2009 3:56 PM
To: fedora-selinux-list@redhat.com
Subject: Re: Obtaining MLS policy package for RHEL5?

On Fri, Dec 04, 2009 at 12:15:07PM -0600, Dyson, Mark L (IS) wrote:
> Hello,
>
> For a test machine I was provided a SunFire X2200 (AMD processors)
> with
> RHEL5 pre-installed. I wasn't provided the install media. It
> currently only has the targeted policy package installed. Is there a
> source from which I can download and install the multi-level security
package(s)?

yum install selinux-policy-mls
edit /etc/selinux/config (replace SELINUXTYPE (targeted by mls) touch
/.autorelabel && reboot

You might want to boot with enforcing=0 in kernel boot line so that
relabeling can go ahead and that you can log into the system.

you might also want to check this out:

http://oss.tresys.com/projects/clip
>
> I had been pointed to some "LSPP" information based on an earlier
> question but, aside from my system type not being represented, from
> appearances those packages were intended for a fresh install based on
> a strictly limited hardware/software architecture. I'm not sure how I

> would be able to use them in my case.
>
> Thanks in advance!
> Mark

> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 12-07-2009, 11:41 AM
Dominick Grift
 
Default Obtaining MLS policy package for RHEL5?

On Mon, Dec 07, 2009 at 06:33:38AM -0600, Dyson, Mark L (IS) wrote:
> Dominic,
>
> Many thanks. Could you point me to where I can get that policy file?
> The help info I've seen just points me to the RHEL install media, which
> I don't have available right now.

The source policy is here:
ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS (look for selinux-policy-{your.version}

The binary representation is available on the the official redhat distribution channel (i dont have a subscription thus i cannot point you to it)

>
> The Clip site looks extremely interesting, definitely going to spend
> some time there.
>
> Thanks again!
> Mark
>
> -----Original Message-----
> From: fedora-selinux-list-bounces@redhat.com
> [mailto:fedora-selinux-list-bounces@redhat.com] On Behalf Of Dominick
> Grift
> Sent: Friday, December 04, 2009 3:56 PM
> To: fedora-selinux-list@redhat.com
> Subject: Re: Obtaining MLS policy package for RHEL5?
>
> On Fri, Dec 04, 2009 at 12:15:07PM -0600, Dyson, Mark L (IS) wrote:
> > Hello,
> >
> > For a test machine I was provided a SunFire X2200 (AMD processors)
> > with
> > RHEL5 pre-installed. I wasn't provided the install media. It
> > currently only has the targeted policy package installed. Is there a
> > source from which I can download and install the multi-level security
> package(s)?
>
> yum install selinux-policy-mls
> edit /etc/selinux/config (replace SELINUXTYPE (targeted by mls) touch
> /.autorelabel && reboot
>
> You might want to boot with enforcing=0 in kernel boot line so that
> relabeling can go ahead and that you can log into the system.
>
> you might also want to check this out:
>
> http://oss.tresys.com/projects/clip
> >
> > I had been pointed to some "LSPP" information based on an earlier
> > question but, aside from my system type not being represented, from
> > appearances those packages were intended for a fresh install based on
> > a strictly limited hardware/software architecture. I'm not sure how I
>
> > would be able to use them in my case.
> >
> > Thanks in advance!
> > Mark
>
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 01:53 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org