PDA

View Full Version : SELinux Enforcing on SLED 11 SP2



nagamohanp
30-May-2012, 23:28
Hi,

I'm trying to enforce SELinux on SLED 11 SP2 and followed instructions for "SELinux and openSUSE 11.1" from "http://en.opensuse.org/SDB:SELinux".

Here is my SLED11 version details.
output of "cat SuSE-release" is
SUSE Linux Enterprise Desktop 11 (X86_64)
Version =11
PATCHLEVEL = 2

when I'm trying to execute "zypper in checkpolicy policycoreutils selinux-tools libselinux1 libsepol1 libsemanage1" not able to install packages.
My system doesn't have location /etc/selinux/config. So, i have created this file.

when I do execute "sestatus", getting the output "command not found"

How can I enforce SELinux on SLED 11 SP2?

Appreciated your help in advance.

Thanks\Naga.

smflood
31-May-2012, 10:17
On 30/05/2012 23:34, nagamohanp wrote:

> I'm trying to enforce SELinux on SLED 11 SP2 and followed instructions
> for "SELinux and openSUSE 11.1" from
> "http://en.opensuse.org/SDB:SELinux".
>
> Here is my SLED11 version details.
> output of "cat SuSE-release" is
> SUSE Linux Enterprise Desktop 11 (X86_64)
> Version =11
> PATCHLEVEL = 2
>
> when I'm trying to execute "zypper in checkpolicy policycoreutils
> selinux-tools libselinux1 libsepol1 libsemanage1" not able to install
> packages.
> My system doesn't have location /etc/selinux/config. So, i have
> created this file.
>
> when I do execute "sestatus", getting the output "command not found"
>
> How can I enforce SELinux on SLED 11 SP2?
>
> Appreciated your help in advance.

Whilst the Release Notes for both SLED11 and SLED11 SP1 note that
SELinux capabilities were added as a Technology Preview, there is no
mention of SELinux in the either the Release Notes or documentation for
SLED11 SP2 (though it's also not covered in docs for SLED11 or SLED11 SP1).

I can't imagine the instructions for openSUSE 11.1 would apply for
SLED11 SP2 - it's more likely to be the ones for openSUSE 11.3.

The mention in Release Notes for the earlier releases do note that:

--begin--
* The shipped kernel features SELinux support.
* We will apply SELinux patches to all "common" userland packages.
* The libraries required for SELinux (libselinux, libsepol, libsemanage,
etc.) were added to openSUSE and SUSE Linux Enterprise.
* However, we are not offering enterprise class support for SELinux at
this time; thus we will run QA with SELinux disabled to ensure that
SELinux patches do not break the default delivery and the majority of
packages.
* We will not be shipping SELinux specific tools as part of the default
distribution delivery. However, the packages (such as checkpolicy,
policycoreutils, selinux-doc) will be available through the SUSE Linux
Enterprise Desktop repositories.
---end---

Let me ask my contacts at SUSE ...

HTH.
--
Simon
Novell/SUSE/NetIQ Knowledge Partner

------------------------------------------------------------------------
Do you work with Novell technologies at a university, college or school?
If so, your campus could benefit from joining the Novell Technology
Transfer Partner (TTP) program. See novell.com/ttp for more details.
------------------------------------------------------------------------