On 10/25/2010 12:57 AM, Justin P. Mattock wrote:
> On 10/25/2010 12:09 AM, imsand@puzzle.ch wrote:
>> Hi Justin.
>>
>> First of all, thanks a lot for your efforts.
>
> youre welcome!!
>> Unfortunately I'm a little bit confused about what you've done exactly to
>> make it run.
>> Can you please summarize it and make a little step by step guide for me?
>
> I can try, but maybe later on another post(a bit late over here.)
>> Did selinux worked out of the box (on sles11.1)? Didn't had you have to
>> fix the bug in /lib/mkinitrd/scripts/boot-boot.sh and rebuild initrd?
>
> long story short, installed sles11.1, changed the repos to download 
> git-core
> then changed repos to download the rest of the packages to build the 
> latest Mainline kernel
> (make, make modules_install)
> then after that, installed all the SELinux packages, rebooted realized 
> even though this system is
> using sysvinit the policy still wont load without an initrd(must be 
> because my other systems have
> _nothing_ of the sort with initrd in them(*.h)or something, so ended 
> up using mkinitrd_setup to make the image
> so the policy can load..
>
> Then once loaded made sure the home directory was labelled correctly, 
> as well as other
> areas that I've seen issues with, then just started the sshd..with the 
> other machine with SELinux,
> and the iphone(touchterm ssh(free))..
>
>> which package have you build with --with-selinux and the --with-pam?
> this was on my cblfs system.. I just built this(all gnome etc..)and 
> didnt realize that I had
> built this wrong until I looked at config.log of the package and 
> noticed I messd up..
>
> after that things went good..(from over here sles11.1 sshd looks built 
> fine, maybe this is config issues..,
> only issue I noticed is getsebool/setsebool are missing, so just do: 
> mv /etc/initscript{,-old}
> to avoid problems during boot, or define the init_upstart boolean in 
> boolean.conf.)
>
>> which policy did you used?http://oss.tresys.com/git/refpolicy.git?
>>
>
> yep... I follow track
>
>> kind regards
>> Matthias
>>
>>
>
> Justin P. Mattock
>

FWIW heres the system info with SELinux and sles11.1:
http://fpaste.org/hdTI/

Justin P. Mattock