Re: How to start SELinux on embedded device

[rajkumar <rajkumarmadhani@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 2461 bytes --]

Hi

Thank you Emre Can Kucukoglu,
I am just at understanding level.

need your support further.

Regards
Rajkumar



On Thursday 14 May 2015 01:14 PM, Emre Can Kucukoglu wrote:
> Hi Rajkumar,
>
> Basically, you need 3 major steps.
>
> 1. Enable security framework and SELinux configurations from linux kernel.
> like: CONFIG_SECURITY_SELINUX, DEFAULT_SECURITY_SELINUX, 
> SECURITY_SELINUX_AVC_STATS, CONFIG_SECURITY_SELINUX_BOOTPARAM, 
> SECURITY_SELINUX_DEVELOP, CONFIG_SECURITY_SELINUX_DISABLE
> 2. Then download and compile SELinux: 
> https://github.com/SELinuxProject/selinux. Add cross-compiled files to 
> your rootfs.
> 3. Download and configure SELinux reference policy project, however 
> keep in mind, you have lots of redundant policy modules in reference 
> policy, you should keep them out. Load policies, enable your SELinux. 
> (see setenforce, /etc/selinux/config, boot args, kernel configuration).
> 4. Later, you 'can' download and compile setools3 (vs3 is stable one i 
> guess) to ease your policy management.
>
> I think SELinux notebook is a good resource to learn how to use 
> SELinux, not how to port it.
> You can look my presentation about SELinux overview, however keep in 
> mind that it is not reviewed yet.
> https://docs.google.com/presentation/d/1Qtl_vaxvcAPse47d2sCWH6IAhn9XYFKkHEsOddobHpw/edit?usp=sharing
>
> In which step do you think you are?
>
> 2015-05-14 9:40 GMT+03:00 rajkumar <rajkumarmadhani@gmail.com 
> <mailto:rajkumarmadhani@gmail.com>>:
>
>     Hi I am Rajkumar new to SELinux.
>
>
>     My Requirement is to start SELinux porting on Embedded device
>     consists of ARM processor.
>     Using linux kernel version is 3.0.35.
>     I started reading The SELinux notebook 4th edition.
>     Made some changes in .config like enabling SELinux in kernel.
>     And what are the changes need to be done rootfs apart from DAC 
>     and in kernel.
>
>
>     Please provide guidelines.
>
>     -- 
>     Regards
>     Rajkumar.m
>     +91 8501021114 <tel:%2B91%208501021114>
>
>     _______________________________________________
>     Selinux mailing list
>     Selinux@tycho.nsa.gov <mailto:Selinux@tycho.nsa.gov>
>     To unsubscribe, send email to Selinux-leave@tycho.nsa.gov
>     <mailto:Selinux-leave@tycho.nsa.gov>.
>     To get help, send an email containing "help" to
>     Selinux-request@tycho.nsa.gov <mailto:Selinux-request@tycho.nsa.gov>.
>
>
>
>
> -- 
> Emre Can Kucukoglu

-- 
Regards
Rajkumar.m


[-- Attachment #2: Type: text/html, Size: 4910 bytes --]