Hello all,

I am trying to install xen (3.0.2 in portage) on a gentoo-hardened server. I would like to make all domains SElinux enforced.

I have googled around, but I can't seem to find much information about it. I would like to get your opinion on what might be the best way to do this, if possible. If not possible, what would be the status on this?

Thanks for the help.

Best,
--
Fred

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On 12/20/06, Fred Blaise <fred.blaise@modernp.com> wrote:
> [...]
> I have googled around, but I can't seem to find much information about it.

See post "Xen and Selinux" on this list, 8 days ago.

The Fedora people managed to get selinux working nicely with Xen (didn't try myself), so you might look there what they did.

Henning

Henning Sprang wrote:
> See post "Xen and Selinux" on this list, 8 days ago.
>
> The Fedora people managed to get selinux working nicely with Xen
> (didn't try myself), so you might look there what they did.

Yes, I had actually seen that thread. When I install the xen 3.0.2 package on my gentoo box (xen-sources 2.6.16.28-r1), a 'grep SELINUX .config' (the xen .config file) does not return anything...

> Henning

Fred Blaise wrote:
> When I install the xen 3.0.2 package on my gentoo box (xen-sources
> 2.6.16.28-r1), a 'grep SELINUX .config' (the xen .config file) does not
> return anything...

Ask on the gentoo hardened list. Xen doesn't maintain any distro's kernel patch sets, AFAIK. :)

--
Christopher G. Stach II

On 12/20/06, Fred Blaise <fred.blaise@modernp.com> wrote:
> [...]
> When I install the xen 3.0.2 package on my gentoo box (xen-sources
> 2.6.16.28-r1),

Quite old...

> a 'grep SELINUX .config' (the xen .config file) does not
> return anything...

I don't know what name the Selinux features have in the kernel. This might only mean that the gentoo maintainers decided not to build it into their xen packages.

As it seems only the fedora guys have it working, only their kernel might be built with selinux. You need to set the features in the kernel on your own.

Henning