Note:
The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.
SELinux/Install
Install SELinux
Important
This document is work in progress. Do not use this as a reference!
Preparation
Since Python 2.7 provides the most compatibility with SELinux, we will use it as our default interpreter.
root # eselect python list
Available Python interpreters, in order of preference:
  [1]   python2.7
  [2]   python3.4
  [3]   python3.5
root # eselect python set 1
Adding SELinux policy types to make.conf
/etc/portage/make.conf file
POLICY_TYPES="targeted strict"
Kernel configuration
You can use any kernel that supports SELinux, although hardened-sources is advised since it provides additional hardening and security features.
root # emerge -av sys-kernel/hardened-sources
Kernel configuration file
General setup
    [*] Auditing support
File systems
    <*> Second extended fs support
    [*] Ext2 extended attributes
    [ ] Ext2 POSIX Access Control Lists
    [*] Ext2 Security Labels
    < > The Extended 3 (ext3) filesystem
    <*> The Extended 4 (ext4) filesystem
    [ ] Ext4 POSIX Access Control Lists
    [*] Ext4 Security Labels
    < > Ext4 Encryption
Security options
    [*] Enable different security models
    [*] Socket and Networking Security Hooks
    [*] NSA SELinux Support
    [ ] NSA SELinux boot parameter
    [ ] NSA SELinux runtime disable
    [*] NSA SELinux Development Support
    [ ] NSA SELinux AVC Statistics
    (1) NSA SELinux checkreqprot default value
    [ ] NSA SELinux maximum supported policy format version
    Default security module (SELinux) --->
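One way to confirm that a .config matches the listing above before compiling (an added example, not part of the original wiki page). The CONFIG_ symbol names are assumed to be the mainline Kconfig names behind these menu entries on a 4.x-era kernel; the script checks the entries marked enabled plus the two SELinux switches the listing leaves off.

```shell
#!/bin/sh
# Added example: compare a kernel .config with the SELinux options on this page.
# Assumption: mainline Kconfig symbol names (4.x-era kernel).
# Expected values, one SYMBOL=VALUE per line; "n" means unset or absent.
SELINUX_KCONFIG_WANT='
CONFIG_AUDIT=y
CONFIG_EXT2_FS=y
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT4_FS=y
CONFIG_EXT4_FS_SECURITY=y
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=n
CONFIG_SECURITY_SELINUX_DISABLE=n
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
CONFIG_DEFAULT_SECURITY_SELINUX=y
'

# kconfig_value FILE SYMBOL: print the symbol's value, or "n" when it is
# absent or only appears as "# SYMBOL is not set".
kconfig_value() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-n}"
}

# check_selinux_kconfig FILE: print one MISMATCH line per deviation;
# return 0 when the file matches every expected value, 1 otherwise.
check_selinux_kconfig() {
    rc=0
    for want in $SELINUX_KCONFIG_WANT; do
        sym=${want%%=*}
        exp=${want#*=}
        got=$(kconfig_value "$1" "$sym")
        if [ "$got" != "$exp" ]; then
            echo "MISMATCH $sym: want $exp, got $got"
            rc=1
        fi
    done
    return "$rc"
}

# Run as a script with the config path, e.g. /usr/src/linux/.config
if [ "$#" -gt 0 ]; then check_selinux_kconfig "$1"; fi
```

A built-as-module value (`m`) is reported as a mismatch, since the listing marks the filesystem entries as built in.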
Reboot
Compile the kernel with the new configuration and reboot.