Need help configuring SELinux security policy

Need help seting up a server, or have a question on how to run one? This is the place.
Post Reply
User avatar
Tanx
Private First Class
Private First Class
Posts: 125
Joined: Sat Mar 22, 2008 11:14 pm

Need help configuring SELinux security policy

Post by Tanx » Thu Nov 27, 2008 5:50 pm

Trying to put up BZFS in a DMZ on EnGarde Linux. EnGarde makes heavy use of SELinux. I have everything working (including running in chroot jail) as long as I run with 'setenforce Permissive'. However, policy at this place requires SELinux be enabled ('Enforcing' mode), so I need to come up with a custom SELinux security policy.

Has anyone ever done this, and if so, would you be willing to share your (source) security policy with me? Or if not, can you suggest somewhere else to look for assistance.

TIA,
tanx
known as: Tanx, Eoncho, ckw.
Bzflag player since 2001.

User avatar
joevano
General
General
Posts: 1863
Joined: Sat Jun 18, 2005 1:08 pm
Location: South Bend, Indiana, USA

Post by joevano » Fri Nov 28, 2008 12:28 am

I would try on their IRC channel on irc.freenode.net, the channel is #EnGarde . If you don't have an IRC client you can use their web interface here: http://www.engardelinux.org/modules/index/irc.cgi
There is nothing worse than aggressive stupidity. -- Johann Wolfgang von Goethe
"How many legs does a dog have if you call his tail a leg? Four. Calling a tail a leg doesn't make it a leg." -- Abraham Lincoln

User avatar
Bullet Catcher
Captain
Captain
Posts: 556
Joined: Sat Dec 23, 2006 7:56 am
Location: Escondido, California

Post by Bullet Catcher » Fri Dec 12, 2008 6:50 pm

Take the log messages generated in permissive mode and use the audit2allow command to generate the policy rules you need.

Developing a standard SELinux policy for BZFlag is on my personal list of things to do, but it is not a high priority. The learning curve for the SELinux targeted policy is pretty steep even for someone who understands the fundamentals of mandatory access control.

User avatar
range-target
Private First Class
Private First Class
Posts: 21
Joined: Sat Dec 24, 2005 2:54 am
Location: Houston, Republic of Texas (formally of the USA)

Re: Need help configuring SELinux security policy

Post by range-target » Mon Feb 22, 2010 12:44 am

So, this is an older posts that I am reviving to see if anyone has created an SELinux policy type for bzfs on Fedora 12 running in "enforcing" and "targeted" mode? As an alternative, maybe one of the existing SELinux types which are part of the standard FC12 build are know to work okay? Thanks.
I drive, I shoot, I jump, I die. Pretty simple stuff...

Will admin for food! May Tux bless you.

Post Reply