From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <707f057d0812270525t1f6fa095i9ace0cc6e4d3bd6e@mail.gmail.com> Date: Sat, 27 Dec 2008 21:25:19 +0800 From: "xing li" To: SELinux@tycho.nsa.gov Subject: Where can i find the source code of Userspace Packages with modifications for SELinux? MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_33850_18767367.1230384319611" Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov ------=_Part_33850_18767367.1230384319611 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Hello every one, I known that linux distributions have modify some userspace packages in order to support selinux,such as: - SysVinit - load initial policy - pam - set security context for user sessions, preserve security context on /etc/shadow, check SELinux permissions - util-linux - preserve security contexts on /etc/shadow, check SELinux permissions - openssh - set security context for user sessions - vixie-cron - set security context for cron jobs, check permission - at - similar to vixie-cron - sudo - set security context - shadow-utils - preserve security context on /etc/shadow - libuser - preserve security context on /etc/shadow, check permission - passwd - preserve security context on /etc/shadow, check permission - logrotate - preserve security context on logs - coreutils - get and set process and file security contexts - findutils - find files with specific security contexts or display them - procps - display process contexts - psmisc - display process contexts http://userspace.selinuxproject.org/trac/wiki/Userland and i am interested how the userspace packages be motified? and where can i find the relevant the source code of these? ------=_Part_33850_18767367.1230384319611 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline
Hello every one,
 
I known that linux distributions have modify some userspace packages in order to support selinux,such as:
http://userspace.selinuxproject.org/trac/wiki/Userland
and i am interested how the userspace packages be motified?
and where can i find the relevant the source code of these? 
 
------=_Part_33850_18767367.1230384319611-- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mummy.ncsc.mil (mummy.ncsc.mil [144.51.88.129]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id mBT7C5kB005880 for ; Mon, 29 Dec 2008 02:12:05 -0500 Received: from yw-out-1718.google.com (jazzhorn.ncsc.mil [144.51.5.9]) by mummy.ncsc.mil (8.12.10/8.12.10) with ESMTP id mBT7C4k6001601 for ; Mon, 29 Dec 2008 07:12:05 GMT Received: by yw-out-1718.google.com with SMTP id 6so1496319ywa.84 for ; Sun, 28 Dec 2008 23:12:04 -0800 (PST) Message-ID: <707f057d0812282312r19e324a8y4ace684ed1646812@mail.gmail.com> Date: Mon, 29 Dec 2008 15:12:03 +0800 From: "xing li" To: "domg472 g472" , selinux@tycho.nsa.gov Subject: Re: Where can i find the source code of Userspace Packages with modifications for SELinux? In-Reply-To: <5aebb9fb0812270551g49c21fdm9bc7dd156182cf53@mail.gmail.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_26261_17925922.1230534723610" References: <707f057d0812270525t1f6fa095i9ace0cc6e4d3bd6e@mail.gmail.com> <5aebb9fb0812270551g49c21fdm9bc7dd156182cf53@mail.gmail.com> Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov ------=_Part_26261_17925922.1230534723610 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline I have download the upstart source code from ubuntu http://packages.ubuntu.com/, (hardy) but i have't found the selinux relevant code in it. I am so confused that how the /sbin/init invoke the "load_policy" function during system initialization? 2008/12/27 domg472 g472 > Most if not everything should be upstream. so if you would want to edit > "cp" then you would get the source code for coreutils on the project site > for coreutils. > > selinux userland tools source is here: > > http://userspace.selinuxproject.org/trac/browser/policycoreutils > ------=_Part_26261_17925922.1230534723610 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline
I have download the upstart source code from ubuntu http://packages.ubuntu.com/,  (hardy)
but i have't found the selinux relevant code in it. I am so  confused that how the /sbin/init invoke
the "load_policy" function during system initialization?

2008/12/27 domg472 g472 <domg472@gmail.com>
Most if not everything should be upstream. so if you would want to edit "cp" then you would get the source code for coreutils on the project site for coreutils.

selinux userland tools source is here:

http://userspace.selinuxproject.org/trac/browser/policycoreutils

------=_Part_26261_17925922.1230534723610-- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mummy.ncsc.mil (mummy.ncsc.mil [144.51.88.129]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id mBTFVvxn024217 for ; Mon, 29 Dec 2008 10:31:58 -0500 Received: from mx2.redhat.com (jazzhorn.ncsc.mil [144.51.5.9]) by mummy.ncsc.mil (8.12.10/8.12.10) with ESMTP id mBTFVuEH013849 for ; Mon, 29 Dec 2008 15:31:57 GMT Message-ID: <4958ED67.70807@redhat.com> Date: Mon, 29 Dec 2008 10:31:51 -0500 From: Daniel J Walsh MIME-Version: 1.0 To: xing li CC: domg472 g472 , selinux@tycho.nsa.gov Subject: Re: Where can i find the source code of Userspace Packages with modifications for SELinux? References: <707f057d0812270525t1f6fa095i9ace0cc6e4d3bd6e@mail.gmail.com> <5aebb9fb0812270551g49c21fdm9bc7dd156182cf53@mail.gmail.com> <707f057d0812282312r19e324a8y4ace684ed1646812@mail.gmail.com> In-Reply-To: <707f057d0812282312r19e324a8y4ace684ed1646812@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 xing li wrote: > I have download the upstart source code from ubuntu > http://packages.ubuntu.com/, (hardy) > but i have't found the selinux relevant code in it. I am so confused that > how the /sbin/init invoke > the "load_policy" function during system initialization? > > 2008/12/27 domg472 g472 > >> Most if not everything should be upstream. so if you would want to edit >> "cp" then you would get the source code for coreutils on the project site >> for coreutils. >> >> selinux userland tools source is here: >> >> http://userspace.selinuxproject.org/trac/browser/policycoreutils >> > It doesn't, load_policy is being executed in the initrd. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAklY7WcACgkQrlYvE4MpobOglACeIt0QPC5rbcKojYOxcWCsfAoD 888AoIVrOzMiCQelt4cEF16/8o4iXg1A =J1AA -----END PGP SIGNATURE----- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <4958EDA7.5000206@redhat.com> Date: Mon, 29 Dec 2008 10:32:55 -0500 From: Daniel J Walsh MIME-Version: 1.0 To: xing li CC: SELinux@tycho.nsa.gov Subject: Re: Where can i find the source code of Userspace Packages with modifications for SELinux? References: <707f057d0812270525t1f6fa095i9ace0cc6e4d3bd6e@mail.gmail.com> In-Reply-To: <707f057d0812270525t1f6fa095i9ace0cc6e4d3bd6e@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 xing li wrote: > Hello every one, > > I known that linux distributions have modify some userspace packages in > order to support selinux,such as: > > - SysVinit - load initial policy > - pam - set security context for user sessions, preserve security context > on /etc/shadow, check SELinux permissions > - util-linux - preserve security contexts on /etc/shadow, check SELinux > permissions > - openssh - set security context for user sessions > - vixie-cron - set security context for cron jobs, check permission > - at - similar to vixie-cron > - sudo - set security context > - shadow-utils - preserve security context on /etc/shadow > - libuser - preserve security context on /etc/shadow, check permission > - passwd - preserve security context on /etc/shadow, check permission > - logrotate - preserve security context on logs > - coreutils - get and set process and file security contexts > - findutils - find files with specific security contexts or display them > - procps - display process contexts > - psmisc - display process contexts > > http://userspace.selinuxproject.org/trac/wiki/Userland > and i am interested how the userspace packages be motified? > and where can i find the relevant the source code of these? > They are either in the upstream packages or contained as patches in the Fedora and other Distro Releases -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAklY7aYACgkQrlYvE4MpobMY3wCg4wyZfRrie1gi6PDEj3BjBNF7 v2kAoIUDv6SmffthhWpZ9WuAGNB4WRyK =iPOd -----END PGP SIGNATURE----- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from zombie2.ncsc.mil (zombie2.ncsc.mil [144.51.88.133]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id n023Mc3x004065 for ; Thu, 1 Jan 2009 22:22:43 -0500 Received: from etbe.coker.com.au (jazzdrum.ncsc.mil [144.51.5.7]) by zombie2.ncsc.mil (8.12.10/8.12.10) with ESMTP id n023JtiK020146 for ; Fri, 2 Jan 2009 03:20:01 GMT From: Russell Coker Reply-To: russell@coker.com.au To: "xing li" Subject: Re: Where can i find the source code of Userspace Packages with modifications for SELinux? Date: Fri, 2 Jan 2009 14:22:21 +1100 Cc: selinux@tycho.nsa.gov References: <707f057d0812270525t1f6fa095i9ace0cc6e4d3bd6e@mail.gmail.com> <5aebb9fb0812270551g49c21fdm9bc7dd156182cf53@mail.gmail.com> <707f057d0812282312r19e324a8y4ace684ed1646812@mail.gmail.com> In-Reply-To: <707f057d0812282312r19e324a8y4ace684ed1646812@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Message-Id: <200901021422.22782.russell@coker.com.au> Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On Monday 29 December 2008 18:12, "xing li" wrote: > I have download the upstart source code from ubuntu > http://packages.ubuntu.com/,  (hardy) > but i have't found the selinux relevant code in it. I am so  confused that > how the /sbin/init invoke > the "load_policy" function during system initialization? http://etbe.coker.com.au/2008/07/24/se-linux-policy-loading/ I have described all the issues at the above blog post. Use SysVInit and the patch is there. If you want to use Upstart then you could patch it yourself (it's just a matter of copying a couple of chunks of code from SysVInit). Another option is to use the wrapper script hack that I used ages ago on Cobalt machines. Just boot the kernel with init=/sbin/init-wrapper and then have /sbin/init-wrapper be a shell script like the following: #!/bin/bash /usr/sbin/load_policy exec /sbin/init Messing with the initrd is just a bad idea, such things are not going to happen in Debian. In fact, why not just use Debian? I think that overall the result you get will be a lot better if you use Debian instead of Ubuntu for running SE Linux. -- russell@coker.com.au http://etbe.coker.com.au/ My Main Blog http://doc.coker.com.au/ My Documents Blog -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.