Pravin wrote:
> Thanx Antoine,
> now SELinux is working in guest UML kernel 2.6.19.2
>
> Problem is that in 2.6.19.2, the only options that are shown in
> SECURITY area in configuration are as follows,
>
> [*] Enable access key retention support
> [*] Enable the /proc/keys file by which keys may be viewed
>
> [*] Enable different security models
>
> [*] Socket and Networking Security Hooks
> [*] XFRM
> (IPSec) Networking Security Hooks
> <*> Default Linux Capabilities
>
> There is no SELINUX option here, So I had to add it manually by
> observing other configuration files.
That's quite odd. Here is what I have in Security Options (check that
the dependencies are enabled):
Symbol: SECURITY_SELINUX [=y]
Prompt: NSA SELinux Support
Defined at security/selinux/Kconfig:1
Depends on: SECURITY_NETWORK && AUDIT && NET && INET
Location:
-> Security options
Selects: NETWORK_SECMARK
Starting with the kernel configs on http://uml.nagafix.co.uk/ should
give you something that works with SELinux in the menus.
Antoine
> I modified the generated configuration file, and added some
> configurations which were missing..
> options like AUDIT, NETWORK_SECMARK are not very intutive to me to be
> associated with SELINUX
>
> and now its working fine...
> On 2/1/07, Antoine Martin <[EMAIL PROTECTED]> wrote:
>> Pravin wrote:
>> > Thanx for reply.
>> >
>> > I changed my host kernel to 2.6.15 and tried to run those
>> precompiled and
>> > manually compiled 2.6.19.2 kernels. but I was facing same problem.
>> >
>> > {{{
>> > $ ./liunx ubd0=FedoraCore5-x86-root_fs
>> > Checking PROT_EXEC mmap in /tmp...OK
>> > Checking for the skas3 patch in the host:
>> > - /proc/mm...not found
>> > - PTRACE_FAULTINFO...not found
>> > - PTRACE_LDT...not found
>> > UML running in SKAS0 mode
>> >
>> > $
>> > }}}
>> >
>> >
>> ------------------------------------------------------------------------
>> > I also tried to use older kernel for guest kernel
>> > I tried with precompiled kernel 2.6.14.4 from
>> > http://uml.nagafix.co.uk/kernels/kernel32-2.6.14.4-bs3
>> > but it also gave same problem.
>> >
>> > but in case of mannual compilation, there was some progress.
>> > I downloaded 2.6.14.7 and compiled it with UML.
>> > but then I got
>> >
>> > {{{
>> > $ ./linux ubd0=FedoraCore5-x86-root_fs
>> > ..
>> > ..
>> > ..
>> > VFS: Cannot open root device "98:0" or unknown-block(98,0)
>> > Please append a correct "root=" boot option
>> > Kernel panic - not syncing: VFS: Unable to mount root fs on
>> > unknown-block(98,0)
>> > }}}
>> > When previously (a week before) i got this problem, I was been
>> advised to
>> > move to newer version or kernel.
>> How about adding root=/dev/ubda to the linux command?
>
> That was the first thing i tried.. bt didnt worked.. :-(
>
>
>> So it looks like the versions that I have built don't work for you. I am
>> not sure why. Maybe the part that isn't statically linked fails to load
>> because of mismatch with your glibc version?
>> Jeff or Blaisorblade understand this better than I do. (CCed list)
>
> the glibc version that I am having is 1.2.10 (i got it from
> glibc-config --version command )
>
>> >
>> -------------------------------------------------------------------------------------------------------------
>>
>>
>> >
>> >
>> >
>> > Currently I am having kernel 2.6.19.2 compiled with ARCH=um and its
>> working
>> > fine.
>> > But SELinux is disabled.
>> >
>> > so, is it possible to change some kernel configuration parameters and
>> > enable
>> > SELinux in same 2.6.19.2 kernel which is working ??
>> The SELinux options are in the Security section, just enable them.
>> If the kernel you compiled yourself works it should make little
>> difference.
>
>>
>>
>>
>>
>>
>>
>> >
>> > On 2/1/07, Antoine Martin <[EMAIL PROTECTED]> wrote:
>> >>
>> >> Hi,
>> >>
>> >> You are not doing anything wrong, if you check at the top of the
>> page at
>> >> http://uml.nagafix.co.uk/
>> >> It does mention the fact that there are problems with recent host
>> >> kernels (>=2.6.16). I can only suggest that you try an older host
>> kernel
>> >> until the x86 bug is fixed.
>> >>
>> >> Antoine
>> >>
>> >> (I'll top post, bottom-post or inline-reply whenever I feel like it)
>> >>
>> >> Pravin wrote:
>> >> > Hi,
>> >> > I was trying to make SELinux work on UML with 32 bit kernel
>> 2.6.19.2.
>> >> >
>> >> > I downloaded the latest kernel souce code from
>> >> > http://www.kernel.org/pub/linux/kernel/v2.6/
>> >> >
>> >> >
>> >> > As, it is supposed to have both UML and SELinux within it.
>> >> >
>> >> > I got the ".config" file from
>> >> > http://uml.nagafix.co.uk/kernels/kernel32-2.6.19.2.config
>> >> >
>> >> >
>> >> > After compilation as per instructions from page
>> >> > http://uml.nagafix.co.uk/kernels/
>> >> > When I ran this kernel, it stoped immediately after printing "UML
>> >> running
>> >> > in SKAS0 mode" without throwing any error message.
>> >> >
>> >> > I got following as output when I ran UML kernel complied from
>> 2.6.19.2
>> >> >
>> >> > {{{
>> >> > $ ./linux ubd0=FedoraCore5-x86-root_fs
>> >> > Checking that ptrace can change system call numbers...OK
>> >> > Checking syscall emulation patch for ptrace...OK
>> >> > Checking advanced syscall emulation patch for ptrace...OK
>> >> > Checking for tmpfs mount on /dev/shm...nothing mounted on /dev/shm
>> >> > Checking PROT_EXEC mmap in /tmp/...OK
>> >> > Checking for the skas3 patch in the host:
>> >> > - /proc/mm...not found
>> >> > - PTRACE_FAULTINFO...not found
>> >> > - PTRACE_LDT...not found
>> >> > UML running in SKAS0 mode
>> >> >
>> >> > $
>> >> > }}}
>> >> >
>> >> >
>> >> > I have also applied the vm non-standard split patch to the
>> kernel, but
>> >> > still
>> >> > it behaves in same way.
>> >> >
>> >> >
>> >> > I also downloaded the precompiled kernels from
>> >> > http://uml.nagafix.co.uk/kernels/ but they also gave same behaviour.
>> >> >
>> >> > I am trying these experiments on Debian x86 machine with kernel
>> 2.6.18
>> >> >
>> >> > The filesystem used by me is from
>> >> > http://uml.nagafix.co.uk/FedoraCore5/FedoraCore5-x86-root_fs.bz2
>> >> >
>> >> > Can I know what wrong steps I am doing ? Do I need to change the
>> >> > configuration file ?
>> >> > or I need to have special file system to run SELinux on UML ?
>> >> >
>> >> >
>> >> > Thank you
>> >> >
>> >> >
>> >> >
>> >>
>> ------------------------------------------------------------------------
>> >> >
>> >> >
>> >>
>> -------------------------------------------------------------------------
>> >> > Using Tomcat but need to do more? Need to support web services,
>> >> security?
>> >> > Get stuff done quickly with pre-integrated technology to make
>> your job
>> >> easier.
>> >> > Download IBM WebSphere Application Server v.1.0.1 based on Apache
>> >> Geronimo
>> >> >
>> >>
>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
>> >> >
>> >> >
>> >> >
>> >>
>> ------------------------------------------------------------------------
>> >> >
>> >> > _______________________________________________
>> >> > User-mode-linux-user mailing list
>> >> > [email protected]
>> >> > https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
>> >>
>> >>
>> >
>> >
>>
>>
>
>
>
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
User-mode-linux-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
