Re: Advice on bringing up SE Linux

["Lorenzo Hernández García-Hierro" <lorenzo@gnu.org>]

[-- Attachment #1: Type: text/plain, Size: 2156 bytes --]

El jue, 03-02-2005 a las 18:20 +1100, Russell Coker escribió:
> On Wednesday 02 February 2005 07:51, "Villalovos, John L" 
> <john.l.villalovos@intel.com> wrote:
> > > /sbin/init is what normally loads the policy during startup.  Are you
> > > using the modified /sbin/init (included in Fedora)?  What is in your
> > > /etc/selinux/config?
> >
> > Okay.  We are using Busybox for the init.  So it does not have the SE
> > Linux stuff in it.
> 
> The upstream developer of busybox was accepting of SE Linux patches, I had 
> some SE Linux patches in the busybox CVS at one time (not sure if they are 
> still there).  If I get a bit of spare time I'll do some more work on Busybox 
> SE Linux support, it's good to have for recovery purposes and I think I've 
> still got some patches hanging around that I never got sorted out properly 
> for release.
> 
> Also you may want to check out the paper I presented at OLS on getting SE 
> Linux running on iPaQ's, the stuff about wrapping busybox etc will probably 
> be of interest to you.
> 
> If you get the JFFS2 support written I'll be very interested, I have a couple 
> of iPaQ's I want to get running SE Linux again.

I've been studying the code from both mtd and Linux-2.6 sources of
JFFS2	.
Also talked with some people from the Gentoo project that could help
with it.
We can try to bring up a work module on the SELinux CVS and start doing
something there.

AFAIK, and from the conversations I had with one of the Hardened Gentoo
guys (solar), xattr takes an additional 32bytes or 1 block which makes
it an overhead that needs to be studied, and noticeable on devices with
*limited* storage capacity, such as iPAQs.

Anyways, I would like to discuss this with some kernel hackers before
getting into the job.
The best start is having such device for testing, and I don't own an
iPAQ, also using machine emulators is pretty a crap solution, in my
opinion.
(I have no experience working with ARM, so, sure I'm forgetting
something)

Cheers,
-- 
Lorenzo Hernández García-Hierro <lorenzo@gnu.org> 
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]

[-- Attachment #2: Esta parte del mensaje está firmada digitalmente --]
[-- Type: application/pgp-signature, Size: 189 bytes --]