On 2/1/07, Antoine Martin <[EMAIL PROTECTED]> wrote:
> Pravin wrote:
> > Thanks Antoine,
> > now SELinux is working in guest UML kernel 2.6.19.2
> >
> > Problem is that in 2.6.19.2, the only options that are shown in
> > SECURITY area in configuration are as follows,
> >
> > [*] Enable access key retention support
> > [*] Enable the /proc/keys file by which keys may be viewed
> >
> > [*] Enable different security models
> >
> > [*] Socket and Networking Security Hooks
> > [*] XFRM (IPSec) Networking Security Hooks
> > <*> Default Linux Capabilities
> >
> > There is no SELINUX option here, so I had to add it manually by
> > observing other configuration files.
> That's quite odd. Here is what I have in Security Options (check that
> the dependencies are enabled):
>
> Symbol: SECURITY_SELINUX [=y]
>
> Prompt: NSA SELinux Support
>
> Defined at security/selinux/Kconfig:1
> Depends on: SECURITY_NETWORK && AUDIT && NET && INET
>
> Location:
>
> -> Security options
>
> Selects: NETWORK_SECMARK
>
> Starting with the kernel configs on http://uml.nagafix.co.uk/ should
> give you something that works with SELinux in the menus.
>
> Antoine
>
Yeah,
unfortunately, I was using "make menuconfig ARCH=um"
and I was going directly to "security options".
My guess is that, as I had not enabled any other options like "AUDIT"
or maybe something else, SELINUX was not coming up in the list of
menus.
When I created the .config file with SELinux by using "make config
ARCH=um", and then ran "make menuconfig ARCH=um", I was able to
get the "NSA Selinux" configuration options in the menu.
On further playing, I was able to find out that the "NSA Selinux" options
depend on the configuration option "AUDIT". If "AUDIT" is present,
then the SELinux options will be given to you. And by default the "AUDIT"
option is disabled. So, I never got the "NSA Selinux" options.
Thanks for your feedback, it was really helpful.
>
> > I modified the generated configuration file, and added some
> > configurations which were missing.
> > Options like AUDIT, NETWORK_SECMARK are not very intuitive to me to be
> > associated with SELINUX
> >
> > and now it's working fine...
> > On 2/1/07, Antoine Martin <[EMAIL PROTECTED]> wrote:
> >> Pravin wrote:
> >> > Thanks for the reply.
> >> >
> >> > I changed my host kernel to 2.6.15 and tried to run those precompiled and
> >> > manually compiled 2.6.19.2 kernels, but I was facing the same problem.
> >> >
> >> > {{{
> >> > $ ./liunx ubd0=FedoraCore5-x86-root_fs
> >> > Checking PROT_EXEC mmap in /tmp...OK
> >> > Checking for the skas3 patch in the host:
> >> > - /proc/mm...not found
> >> > - PTRACE_FAULTINFO...not found
> >> > - PTRACE_LDT...not found
> >> > UML running in SKAS0 mode
> >> >
> >> > $
> >> > }}}
> >> >
> >> > ------------------------------------------------------------------------
> >> > I also tried to use an older kernel for the guest kernel.
> >> > I tried with precompiled kernel 2.6.14.4 from
> >> > http://uml.nagafix.co.uk/kernels/kernel32-2.6.14.4-bs3
> >> > but it also gave the same problem.
> >> >
> >> > But in the case of manual compilation, there was some progress.
> >> > I downloaded 2.6.14.7 and compiled it with UML,
> >> > but then I got
> >> >
> >> > {{{
> >> > $ ./linux ubd0=FedoraCore5-x86-root_fs
> >> > ..
> >> > ..
> >> > ..
> >> > VFS: Cannot open root device "98:0" or unknown-block(98,0)
> >> > Please append a correct "root=" boot option
> >> > Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(98,0)
> >> > }}}
> >> > When I previously (a week before) got this problem, I was advised to
> >> > move to a newer version of the kernel.
> >> How about adding root=/dev/ubda to the linux command?
> >
> > That was the first thing I tried.. but it didn't work.. :-(
> >
> >
> >> So it looks like the versions that I have built don't work for you. I am
> >> not sure why. Maybe the part that isn't statically linked fails to load
> >> because of mismatch with your glibc version?
> >> Jeff or Blaisorblade understand this better than I do. (CCed list)
> >
> > The glibc version that I have is 1.2.10 (I got it from the
> > glibc-config --version command)
> >
> >> > ------------------------------------------------------------------------
> >> >
> >> > Currently I have kernel 2.6.19.2 compiled with ARCH=um and it's working
> >> > fine.
> >> > But SELinux is disabled.
> >> >
> >> > So, is it possible to change some kernel configuration parameters and
> >> > enable SELinux in the same 2.6.19.2 kernel which is working?
> >> The SELinux options are in the Security section, just enable them.
> >> If the kernel you compiled yourself works it should make little
> >> difference.
> >> >
> >> > On 2/1/07, Antoine Martin <[EMAIL PROTECTED]> wrote:
> >> >>
> >> >> Hi,
> >> >>
> >> >> You are not doing anything wrong, if you check at the top of the page at
> >> >> http://uml.nagafix.co.uk/
> >> >> It does mention the fact that there are problems with recent host
> >> >> kernels (>=2.6.16). I can only suggest that you try an older host kernel
> >> >> until the x86 bug is fixed.
> >> >>
> >> >> Antoine
> >> >>
> >> >> (I'll top post, bottom-post or inline-reply whenever I feel like it)
> >> >>
> >> >> Pravin wrote:
> >> >> > Hi,
> >> >> > I was trying to make SELinux work on UML with 32 bit kernel 2.6.19.2.
> >> >> >
> >> >> > I downloaded the latest kernel source code from
> >> >> > http://www.kernel.org/pub/linux/kernel/v2.6/
> >> >> >
> >> >> > as it is supposed to have both UML and SELinux within it.
> >> >> >
> >> >> > I got the ".config" file from
> >> >> > http://uml.nagafix.co.uk/kernels/kernel32-2.6.19.2.config
> >> >> >
> >> >> > After compilation as per instructions from page
> >> >> > http://uml.nagafix.co.uk/kernels/
> >> >> > when I ran this kernel, it stopped immediately after printing "UML running
> >> >> > in SKAS0 mode" without throwing any error message.
> >> >> >
> >> >> > I got the following as output when I ran the UML kernel compiled from 2.6.19.2
> >> >> >
> >> >> > {{{
> >> >> > $ ./linux ubd0=FedoraCore5-x86-root_fs
> >> >> > Checking that ptrace can change system call numbers...OK
> >> >> > Checking syscall emulation patch for ptrace...OK
> >> >> > Checking advanced syscall emulation patch for ptrace...OK
> >> >> > Checking for tmpfs mount on /dev/shm...nothing mounted on /dev/shm
> >> >> > Checking PROT_EXEC mmap in /tmp/...OK
> >> >> > Checking for the skas3 patch in the host:
> >> >> > - /proc/mm...not found
> >> >> > - PTRACE_FAULTINFO...not found
> >> >> > - PTRACE_LDT...not found
> >> >> > UML running in SKAS0 mode
> >> >> >
> >> >> > $
> >> >> > }}}
> >> >> >
> >> >> >
> >> >> > I have also applied the vm non-standard split patch to the kernel, but still
> >> >> > it behaves in the same way.
> >> >> >
> >> >> > I also downloaded the precompiled kernels from
> >> >> > http://uml.nagafix.co.uk/kernels/ but they also gave the same behaviour.
> >> >> >
> >> >> > I am trying these experiments on a Debian x86 machine with kernel 2.6.18
> >> >> >
> >> >> > The filesystem used by me is from
> >> >> > http://uml.nagafix.co.uk/FedoraCore5/FedoraCore5-x86-root_fs.bz2
> >> >> >
> >> >> > Can I know what wrong steps I am doing? Do I need to change the
> >> >> > configuration file?
> >> >> > Or do I need to have a special file system to run SELinux on UML?
> >> >> >
> >> >> >
> >> >> > Thank you
> >> >> >
> >> >> >
> >> >> >
--
Pravin Shinde
_______________________________________________
User-mode-linux-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-user
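
The hidden-prompt situation discussed in this thread can be checked directly against a .config before opening menuconfig. The following is an added example, not code from the thread or from the UML or kernel projects; it uses the "Depends on" line quoted above, and the sample .config fragment and function names are constructed for illustration.

```python
import re

# "Depends on" expression copied from the menuconfig help text quoted in the thread.
SELINUX_DEPENDS = "SECURITY_NETWORK && AUDIT && NET && INET"

# Constructed sample .config fragment (not taken from the thread): the hooks
# shown in the menu are enabled, AUDIT is left at its disabled default.
SAMPLE_CONFIG = """\
CONFIG_NET=y
CONFIG_INET=y
CONFIG_KEYS=y
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_CAPABILITIES=y
# CONFIG_AUDIT is not set
"""

def parse_config(text):
    """Map each symbol in a kernel .config to its value ('n' when not set)."""
    symbols = {}
    for line in text.splitlines():
        line = line.strip()
        set_line = re.match(r"CONFIG_(\w+)=(.*)$", line)
        unset_line = re.match(r"# CONFIG_(\w+) is not set$", line)
        if set_line:
            symbols[set_line.group(1)] = set_line.group(2)
        elif unset_line:
            symbols[unset_line.group(1)] = "n"
    return symbols

def missing_dependencies(config_text, depends=SELINUX_DEPENDS):
    """Return the symbols of an '&&'-only dependency list that are not y or m."""
    symbols = parse_config(config_text)
    required = [name.strip() for name in depends.split("&&")]
    # A symbol absent from the file counts as disabled, like "is not set".
    return [name for name in required if symbols.get(name, "n") not in ("y", "m")]

def selinux_prompt_visible(config_text):
    """True when every dependency is met, so the prompt appears in the menu."""
    return not missing_dependencies(config_text)

if __name__ == "__main__":
    print("missing:", missing_dependencies(SAMPLE_CONFIG))
    fixed = SAMPLE_CONFIG.replace("# CONFIG_AUDIT is not set", "CONFIG_AUDIT=y")
    print("visible after enabling AUDIT:", selinux_prompt_visible(fixed))
```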