From d02e2db2b697b57982192394e4928394a1f1e831 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ciro=20Santilli=20=E5=85=AD=E5=9B=9B=E4=BA=8B=E4=BB=B6=20?= =?UTF-8?q?=E6=B3=95=E8=BD=AE=E5=8A=9F?= Date: Thu, 31 Jan 2019 00:00:02 +0000 Subject: [PATCH] selinux sketch --- README.adoc | 23 +++++++++++++++++++++++ linux_config/selinux | 10 ++++++++++ 2 files changed, 33 insertions(+) create mode 100644 linux_config/selinux diff --git a/README.adoc b/README.adoc index 34d1912..e913930 100644 --- a/README.adoc +++ b/README.adoc @@ -6957,6 +6957,29 @@ Source: link:kernel_modules/strlen_overflow.c[] Bibliography: https://www.reddit.com/r/hacking/comments/8h4qxk/what_a_buffer_overflow_in_the_linux_kernel_looks/ +==== Linux security modules + +https://en.wikipedia.org/wiki/Linux_Security_Modules + +===== SELinux + +TODO get hello world working. + +.... +./build-linux \ + --config-fragment linux_config/selinux \ + --linux-build-id selinux \ +; +.... + +But then this fails currently: + +.... +./build-buildroot --config 'BR2_PACKAGE_SETOOLS=y' +.... + +because we use ucLibc which is incompatible with SELinux, with a trivial unmerged fix at: http://lists.busybox.net/pipermail/buildroot/2017-July/197793.html + === User mode Linux I once got link:https://en.wikipedia.org/wiki/User-mode_Linux[UML] running on a minimal Buildroot setup at: https://unix.stackexchange.com/questions/73203/how-to-create-rootfs-for-user-mode-linux-on-fedora-18/372207#372207 diff --git a/linux_config/selinux b/linux_config/selinux new file mode 100644 index 0000000..d4f67db --- /dev/null +++ b/linux_config/selinux @@ -0,0 +1,10 @@ +CONFIG_AUDIT=y +CONFIG_SECURITY=y +CONFIG_SECURITY_NETWORK=y +CONFIG_SECURITY_SELINUX=y +CONFIG_SECURITY_SELINUX_AVC_STATS=y +CONFIG_SECURITY_SELINUX_BOOTPARAM=y +CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0 +CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_DISABLE=y
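Review bot: In the README.adoc hunk, the sentence after the `./build-buildroot --config 'BR2_PACKAGE_SETOOLS=y'` block says the step "fails currently" but records no error output, so a reader cannot tell whether a failure they hit is the same one. Paste the failing message, or name the package that stops the build, next to the link to the unmerged fix. The same sentence spells the C library "ucLibc" where the project's name is "uClibc". The "TODO get hello world working" line would be easier to pick up later if it said what the hello world is expected to demonstrate.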
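Review bot: In the new linux_config/selinux file, `CONFIG_SECURITY_SELINUX_DEVELOP=y`, `CONFIG_SECURITY_SELINUX_DISABLE=y` and `CONFIG_SECURITY_SELINUX_BOOTPARAM=y` all make SELinux easier to switch off, and neither the fragment nor the README section says this is intentional. DEVELOP lets the kernel run in permissive mode, DISABLE allows SELinux to be turned off at runtime before a policy is loaded, and BOOTPARAM allows `selinux=0` on the kernel command line. That is reasonable for a learning setup, but add a `#` comment at the top of the fragment or a sentence under the SELinux heading stating that this is a development configuration and not a hardened one, and consider dropping `CONFIG_SECURITY_SELINUX_DISABLE=y` unless the hello world needs it.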