Talk:SELinux/Installation
Before creating a discussion or leaving a comment, please read about using talk pages. To create a new discussion, click here. Comments on an existing discussion should be signed using
~~~~
:
A comment [[User:Larry|Larry]] 13:52, 13 May 2024 (UTC) : A reply [[User:Sally|Sally]] 00:08, 11 October 2024 (UTC) :: Your reply ~~~~
Update
Very interesting documentation for starting on it, but I think an update with new profile (17.0 stable and/or 17.1 exp) is needed. On new profiles, it seems the /tmp is on the context without edit fstab and with OpenRC. Also, is possible add a command for list actual context, for example check if the tmpfs really complies the rules? Regards. Mustela (talk) 09:31, 7 September 2018 (UTC)
- Since the article's output of
eselect profile list
is recent, I'm willing to bet that this has been fixed long ago. - — Waldo Lemmer 14:45, 17 May 2024 (UTC)
LSM
In the latest kernels, there is no “Default security module”. Instead one have to use “Ordered list of enabled LSMs”. The documentation should be updated accordingly. Sorry if I cannot do it myself, I am totally new at using SELinux and wouldn’t want to write something wrong. Stéphane, Gentoo in the Alps (talk) 17:04, 9 April 2021 (UTC)
- As of 2024-03-08, the mentioned information is already in the article. --Lars Hint (talk) 10:55, 8 March 2024 (UTC)
I'm not sure when this changed, but the listed USE flags are wrong for the sec-policy/selinux-base package. ILMostro (talk) 07:41, 24 November 2021 (UTC)
PaX/grsecurity recommendation
It is seriously recommended to use SELinux together with other hardening improvements (such as PaX / grSecurity).
Is the PaX/grsec recommendation still relevant considering they stopped giving the patches out for free? The hardened-sources kernel used to provide grsec, but that's long gone now and the only way to use it would be to provide the patches yourself. I feel like this recommendation would only confuse users who aren't familiar with the grsec story already. xxc3nsoredxx (talk) 04:15, 18 October 2022 (UTC)
- This has been fixed.
- — Waldo Lemmer 14:44, 17 May 2024 (UTC)
When to reboot?
reboot after rebuild is mentioned, but nowhere in there a mark actually saying "reboot now"? --Damobrisbane (talk) 22:59, 7 March 2023 (UTC)
- The reboot is required before relabeling. Now it's mentioned. --Lars Hint (talk) 10:50, 8 March 2024 (UTC)
Changing profile
Not sure if that is the case for others, but changing your profile before emerging any base selinux package leads to errors when emerging them. If the profile is changed after the base packages have been emerged it does work. We should consider a change to the order of the installation steps. Please do test that on your own too. --BurningMemory (talk) 11:41, 17 May 2024 (UTC)
- I tried to reproduce the issue, but everything works as expected, no compilation errors occurred. I used the
default/linux/arm64/23.0/musl/hardened/selinux
profile. Are you sure you didn't update the system immediately after changing the profile? And didn't perform a reboot until it was allowed in the article? --Lars Hint (talk) 18:04, 31 August 2024 (UTC)