selinux sketch

README.adoc

@@ -6957,6 +6957,29 @@ Source: link:kernel_modules/strlen_overflow.c[]
 
 Bibliography: https://www.reddit.com/r/hacking/comments/8h4qxk/what_a_buffer_overflow_in_the_linux_kernel_looks/
 
+==== Linux security modules
+
+https://en.wikipedia.org/wiki/Linux_Security_Modules
+
+===== SELinux
+
+TODO get hello world working.
+
+....
+./build-linux \
+  --config-fragment linux_config/selinux \
+  --linux-build-id selinux \
+;
+....
+
+But then this fails currently:
+
+....
+./build-buildroot --config 'BR2_PACKAGE_SETOOLS=y'
+....
+
+because we use ucLibc which is incompatible with SELinux, with a trivial unmerged fix at: http://lists.busybox.net/pipermail/buildroot/2017-July/197793.html
+
 === User mode Linux
 
 I once got link:https://en.wikipedia.org/wiki/User-mode_Linux[UML] running on a minimal Buildroot setup at: https://unix.stackexchange.com/questions/73203/how-to-create-rootfs-for-user-mode-linux-on-fedora-18/372207#372207

linux_config/selinux

@@ -0,0 +1,10 @@
+CONFIG_AUDIT=y
+CONFIG_SECURITY=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_AVC_STATS=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_DISABLE=y