"new" SELinux 2.4.22 UML kernel patch + sample Debian filesystem

"new" SELinux 2.4.22 UML kernel patch + sample Debian filesystem

[Colin Walters]

[-- Attachment #1: Type: text/plain, Size: 931 bytes --]

Hi,

I've merged the 2.4.22 LSM patch in Russell's Debian kernel patches with
the latest 2.4.22 UML bits, and placed the result here:

http://web.verbum.org/selinux/uml/

Additionally, I've created a roomy 350MB Debian sid image (which gzipped
into just 370kb), set up with the latest Debian sid SELinux packages. 
It seems to work fine even in enforcing mode.  I had to disable bootlogd
though.

It's a great way to play around with SELinux, especially if you use
UML's copy-on-write filesystem bits.  That way if you mess something up,
you can just delete your COW file and restart from the base image.

One tip: you will likely want to give your UML at least 64MB of ram;
setfiles seems to be summarily executed by the OOM killer with less. 
Here's how I'm booting the UML:

walters@nexus> ./linux enforcing=1 mem=64M ubd0=/build/uml/debian-se-work.img,/build/uml/debian-se.img eth0=tuntap,tap0

Enjoy!


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: "new" SELinux 2.4.22 UML kernel patch + sample Debian filesystem

[Colin Walters]

[-- Attachment #1: Type: text/plain, Size: 580 bytes --]

On Tue, 2003-12-02 at 01:50, Colin Walters wrote:

> Additionally, I've created a roomy 350MB Debian sid image (which gzipped
> into just 370kb), set up with the latest Debian sid SELinux packages. 
> It seems to work fine even in enforcing mode.  I had to disable bootlogd
> though.

Somehow I managed to upload the UML COW image instead of the actual
filesystem.  That's fixed now.

Note that the real image is 90MB, and I pay for bandwidth, so please
only download it if you are having trouble bootstrapping a root
filesystem and/or installing SELinux yourself.


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: "new" SELinux 2.4.22 UML kernel patch + sample Debian filesystem

[Tom]

On Wed, Dec 03, 2003 at 06:21:26PM -0500, Colin Walters wrote:
> Somehow I managed to upload the UML COW image instead of the actual
> filesystem.  That's fixed now.
> 
> Note that the real image is 90MB, and I pay for bandwidth, so please
> only download it if you are having trouble bootstrapping a root
> filesystem and/or installing SELinux yourself.

Is it in the tree that I rsync from you anyways? If not, just put it
there and people can download from my site. I don't pay for bandwidth
currently, so as long as it doesn't bog down the server, it's not an
issue.


-- 
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: "new" SELinux 2.4.22 UML kernel patch + sample Debian filesystem

[samwun]

Hi,

I've merged the 2.4.22 LSM patch in Russell's Debian kernel patches with
the latest 2.4.22 UML bits, and placed the result here:

http://web.verbum.org/selinux/uml/

The URL is not accessible, do you mind send me a full instruction about
how to create SELinux in yoru Debian system?

Thanks
Sam

Additionally, I've created a roomy 350MB Debian sid image (which gzipped
into just 370kb), set up with the latest Debian sid SELinux packages. 
It seems to work fine even in enforcing mode.  I had to disable bootlogd
though.

It's a great way to play around with SELinux, especially if you use
UML's copy-on-write filesystem bits.  That way if you mess something up,
you can just delete your COW file and restart from the base image.

One tip: you will likely want to give your UML at least 64MB of ram;
setfiles seems to be summarily executed by the OOM killer with less. 
Here's how I'm booting the UML:

walters@nexus> ./linux enforcing=1 mem=64M
ubd0=/build/uml/debian-se-work.img,/build/uml/debian-se.img
eth0=tuntap,tap0

Enjoy!



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: "new" SELinux 2.4.22 UML kernel patch + sample Debian filesystem

[Colin Walters]

[-- Attachment #1: Type: text/plain, Size: 415 bytes --]

[ It's rather confusing how you put your reply in my email without
quotation markers]

On Fri, 2003-12-05 at 05:05, samwun wrote:

> The URL is not accessible, do you mind send me a full instruction about
> how to create SELinux in yoru Debian system?

Not accessible?  Do you get a 404?  Does the connection time out?  Is it
refused?

Also, it's mirrored here:

http://selinux.lemuria.org/uml/uml/


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]