Re: [uml-user] SELinux inside a UML

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Le 11/02/2012 13:03, richard -rw- weinberger a écrit :
> On Thu, Feb 9, 2012 at 4:11 PM, Nicolas Greneche
> <nic...@un...>  wrote:
>> Hi,
>>
>> I would like to create a SELinux aware UML. I compiled a ARCH=um kernel
>> with SELinux activated.
>
> Are you sure?
>

Really sure ;)

>> The UML starts but SELinux seems to be disabled. Libselinux is installed
>> so I have userspace tools to check selinux availability and mode
>> (permissive, targeted or strict).
>>
>> Does somebody have a positive feedback about putting SELinux inside a UML ?
>>
>
> Just built a SELinux enabled UML kernel and booted FC16.
> SELinux seems to work.
> At least it stops me from doing anything as usual. ;-)

Thanks for your feedback, now I'm sure that it is possible. I will keep 
on searching what I've done wrong.

Thank you again Richard !

>
> type=1400 audit(1328961679.588:10): avc:  denied  { entrypoint } for
> pid=666 comm="login" path="/bin/bash" dev="ubda" ino=3539
> scontext=unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
>

-- 
Nicolas Grenèche

Centre de Ressources Informatiques
Université Paris NORD / UP13
99, avenue Jean-Baptiste Clément
93430 Villetaneuse

Tel : 01 49 40 40 35
Fax : 01 48 22 81 50