Selinux possible on Debian-Linux/ppc?

Selinux possible on Debian-Linux/ppc?

[Wolfgang Pfeiffer]

Hi All

First what I have here:

$ cat /proc/cpuinfo 
processor       : 0
cpu             : 7455, altivec supported
clock           : 867MHz
revision        : 3.2 (pvr 8001 0302)
bogomips        : 864.64
machine         : PowerBook3,5
motherboard     : PowerBook3,5 MacRISC2 MacRISC Power Macintosh
board revision  : 00000000
detected as     : 80 (PowerBook Titanium IV)
pmac flags      : 0000000b
L2 cache        : 256K unified
memory          : 768MB
pmac-generation : NewWorld

And I'm running 2 OS's on that machine: Mac OS X (that gets booted here
about once in 2 months or so ...  :). And Debian Linux, unstable
edition.

I'm planning to get a SE Kernel 2.6 compiled here.

But I'm not quite sure whether SElinux will run on that machine, and on
Debian-ppc ...

On 
<http://www.nsa.gov/selinux/>:
I read:
"Currently, we can only support the x86 architecture .."

But a quick search for SElinux packages for my system gives this:

      * checkpolicy - SELinux policy compiler
      * libselinux1 - SELinux shared libraries
      * libselinux1-dev - SELinux development headers
      * policycoreutils - SELinux core policy utilities
      * selinux-doc - documentation for Security-Enhanced Linux
      * selinux-policy-default - Policy config files and management for
        NSA Security Enhanced Linux
      * selinux-utils - SELinux utility programs


So my hope is that the info on
<http://www.nsa.gov/selinux/>
isn't valid any more. Or that it simply means that the downloadable
packages on  .<http://www.nsa.gov/selinux/>  are meant for Intel only ..

Thanks for some hints in anticipation

Best Regards
Wolfgang
-- 
Profile, links: http://profiles.yahoo.com/wolfgangpfeiffer


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Selinux possible on Debian-Linux/ppc?

[Joerg Hoh]

[-- Attachment #1: Type: text/plain, Size: 755 bytes --]

On Sun, Jul 25, 2004 at 05:32:36PM +0200, Wolfgang Pfeiffer wrote:
> 
> I'm planning to get a SE Kernel 2.6 compiled here.
> 
> But I'm not quite sure whether SElinux will run on that machine, and on
> Debian-ppc ...

I think SELinux runs well on your machine, most little/big-endian flaws
should have been found ...

> On 
> <http://www.nsa.gov/selinux/>:
> I read:
> "Currently, we can only support the x86 architecture .."

This is a historic statement :-) SELinux ran fine on my alpha 6 months
ago.

Joerg

-- 
Fachbegriffe der Informatik (Nr 289): Chef
- Jemand, der ohne Plan von der Sache unsinnige Anweisungen gibt, die Erfolge
für sich reklamiert und die Katastrophen an »die Techniker« weitergibt. 
	Alexander Schreiber

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: Selinux possible on Debian-Linux/ppc?

[Russell Coker]

On Mon, 26 Jul 2004 01:32, Wolfgang Pfeiffer <roto@gmx.net> wrote:
> But I'm not quite sure whether SElinux will run on that machine, and on
> Debian-ppc ...

It is expected to work, I think that the Gentoo people have been getting PPC 
machines to run SE Linux.

> But a quick search for SElinux packages for my system gives this:
>
>       * checkpolicy - SELinux policy compiler
>       * libselinux1 - SELinux shared libraries
>       * libselinux1-dev - SELinux development headers
>       * policycoreutils - SELinux core policy utilities
>       * selinux-doc - documentation for Security-Enhanced Linux
>       * selinux-policy-default - Policy config files and management for
>         NSA Security Enhanced Linux
>       * selinux-utils - SELinux utility programs

You will need to compile ssh, dpkg, cron, sysvinit, logrotate, and pam with 
the SE Linux patches from my web site to get it going.  I only have i386 
architecture hardware, and a lot of my stuff hasn't been accepted into Debian 
yet.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Selinux possible on Debian-Linux/ppc?

[Jim McCullough]

I'm not sure on ppc.  I never had to install linux on one personally.  
Give me two more weeks and I will tell you how it goes with SGI Octane's 
though.  I scavenged two at work for mini-servers for the group I am 
with.  Before they went out the door to the dump.  One of which is going 
to requires some extensive perl work to incorperate NetDisco project.  
Default Debian Sarge build breaks the root discovery with CDP SNMP and 
creation of network topology maps.  The other box is for nagios with 
selinux kernel base and policies because of the dual roll with the 
IT-Security group for network security scans, and with Network-Ops for 
monitoring network devices and servers.
I will let you know how the build goes when I get it completed.  BTW, 
the CVS archive on the web site seems to be holding stable at work on a 
P3 500 I setup on 2.6.7 last thurs.  Still going and still screaming, 
throughput and performance much better than the 2.6.7-686 build from the 
binary tree.

Jim McCullough

Russell Coker wrote:

>On Mon, 26 Jul 2004 01:32, Wolfgang Pfeiffer <roto@gmx.net> wrote:
>  
>
>>But I'm not quite sure whether SElinux will run on that machine, and on
>>Debian-ppc ...
>>    
>>
>
>It is expected to work, I think that the Gentoo people have been getting PPC 
>machines to run SE Linux.
>
>  
>
>>But a quick search for SElinux packages for my system gives this:
>>
>>      * checkpolicy - SELinux policy compiler
>>      * libselinux1 - SELinux shared libraries
>>      * libselinux1-dev - SELinux development headers
>>      * policycoreutils - SELinux core policy utilities
>>      * selinux-doc - documentation for Security-Enhanced Linux
>>      * selinux-policy-default - Policy config files and management for
>>        NSA Security Enhanced Linux
>>      * selinux-utils - SELinux utility programs
>>    
>>
>
>You will need to compile ssh, dpkg, cron, sysvinit, logrotate, and pam with 
>the SE Linux patches from my web site to get it going.  I only have i386 
>architecture hardware, and a lot of my stuff hasn't been accepted into Debian 
>yet.
>
>  
>


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Selinux possible on Debian-Linux/ppc?

[Christopher J. PeBenito]

On Sun, 2004-07-25 at 23:40, Russell Coker wrote:
> On Mon, 26 Jul 2004 01:32, Wolfgang Pfeiffer <roto@gmx.net> wrote:
> > But I'm not quite sure whether SElinux will run on that machine, and on
> > Debian-ppc ...
> 
> It is expected to work, I think that the Gentoo people have been getting PPC 
> machines to run SE Linux.

Yes, it works fine on PPC.  Gentoo has some support for SELinux/PPC;
I've been running it on my Mac since 2.6.0-test3.  SPARC64 also works.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Selinux possible on Debian-Linux/ppc?

[Wolfgang Pfeiffer]

On Tue, 2004-07-27 at 15:18, Christopher J. PeBenito wrote:
> On Sun, 2004-07-25 at 23:40, Russell Coker wrote:
> > On Mon, 26 Jul 2004 01:32, Wolfgang Pfeiffer <roto@gmx.net> wrote:
> > > But I'm not quite sure whether SElinux will run on that machine, and on
> > > Debian-ppc ...
> > 
> > It is expected to work, I think that the Gentoo people have been getting PPC 
> > machines to run SE Linux.
> 
> Yes, it works fine on PPC.  Gentoo has some support for SELinux/PPC;
> I've been running it on my Mac since 2.6.0-test3.  SPARC64 also works.

I'm hopeful it will work here. And after all: I do not, and cannot,
expect 100% guaranteed success, especially as I run Debian unstable
here. So if anything goes wrong it's not necessarily SElinux's fault. 

And I became more and more curios on SE-linux , so I think if things are
new one has to bear some risk that things can break. 

The only risk I see is my ignorance (I'm relatively new to Debian -
before I had a RedHat Linux system ... but let's see ... :)

At any rate I'll keep another (non-SE, AFAIKS) 2.4 kernel handy, just in
case ...

Thanks to everyone

Best Regards
Wolfgang

-- 
Profile, links: http://profiles.yahoo.com/wolfgangpfeiffer


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Selinux possible on Debian-Linux/ppc?

[Luke Kenneth Casson Leighton]

On Tue, Jul 27, 2004 at 05:51:30PM +0200, Wolfgang Pfeiffer wrote:
> On Tue, 2004-07-27 at 15:18, Christopher J. PeBenito wrote:
> > On Sun, 2004-07-25 at 23:40, Russell Coker wrote:
> > > On Mon, 26 Jul 2004 01:32, Wolfgang Pfeiffer <roto@gmx.net> wrote:
> > > > But I'm not quite sure whether SElinux will run on that machine, and on
> > > > Debian-ppc ...
> > > 
> > > It is expected to work, I think that the Gentoo people have been getting PPC 
> > > machines to run SE Linux.
> > 
> > Yes, it works fine on PPC.  Gentoo has some support for SELinux/PPC;
> > I've been running it on my Mac since 2.6.0-test3.  SPARC64 also works.
> 
> I'm hopeful it will work here. And after all: I do not, and cannot,
> expect 100% guaranteed success, especially as I run Debian unstable
> here. So if anything goes wrong it's not necessarily SElinux's fault. 
> 
> And I became more and more curios on SE-linux , so I think if things are
> new one has to bear some risk that things can break. 
> 
> The only risk I see is my ignorance (I'm relatively new to Debian -
> before I had a RedHat Linux system ... but let's see ... :)

 gosh.  brave, stupid or curious, it's all the same to me: admiration
 at your endeavours, or entertainment for all as your system
 crashes-and-burns...

> At any rate I'll keep another (non-SE, AFAIKS) 2.4 kernel handy, just in
> case ...
 
 remember that if you _do_ run a non-selinux kernel, and you ever get
 to write files with that kernel onto your drives, those files will
 have their SE/Linux permissions set to (none) - which means "No Access"
 if you reboot into an selinux kernel :)

 if you're using 2.6.6, grab the config file off of:

	 http://www.hands.com/~lkcl/selinux/

 and, duh, obviously, change the processor type to PPC
 and anything else you know of that you know you should do.
 if you're not sure, take a diff -u of the standard PPC and
 standard 686 2.6.6 configs and then patch my one with that
 diff.

 if all else fails, ask.

 remember to follow the instructions at
 http://selinux.lemuria.org/install-2.6.html

 for the right kernel options (inc ext2/3 security)

 l.



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.