?SELinux Q&A after reading FAQ?

iconicmoronic · 07-22-2008, 10:32 PM

SELinux provides binary compatibility with existing applications. We have extended kernel data structures to include new security attributes, and we have added new API calls for security-aware applications. However, we have not changed any data structures visible to applications and we have not changed the interface of any existing system call, so existing applications can run unchanged if the security policy authorizes their operation.

so then all of my tools and utilities (fdisk, cp, mv, mtools, or whatever) and third party software (ardour, squid, tor, audacity) are compilable as long as i have source code?

The NSA SELinux release includes the core SELinux userland code.

SELinux by itself is not a trusted operating system, but provides a crucial security feature - mandatory access control - needed for a trusted operating system. IS THIS WHAT THE CONSPIRACY THEORISTS TALK ABOUT MONOPOLIES AND FIRE SAILS OR COMPUTER VIRUSES AND WHATNOT? LOL....

is there a graphical installation method? can i setup the internet?

AM I BETTER OFF WITH UBUNTU? because i'm tired of typing sudo

lensman3 · 07-23-2008, 07:34 PM

Turn off SELinux. All you have to do is change one line in the following file. "/etc/selinux/config". Change the line to SELINUX=disabled. Though permissive is probably a better option, because you will be notified if something is wrong.

AM I BETTER OFF WITH UBUNTU? because i'm tired of typing sudo
UBUNTU probably not! It is still Linux.

Or.

Add your user login to the root group and chmod all files owned everywhere root to "chmod 775". Remember that a lot of kernel checks - like removing files - are bypassed when you run many commands like remove. You will have to delete some of the aliases that are setup when you login as root.

As for "The NSA SELinux release includes the core SELinux userland code. " NSA has put the code into the GNU (public domain), so if you are a good enough C programmer, then check to see if they left any trapdoors or Trojans in the code.

**shuuhen** · 07-25-2008, 06:48 AM

You may be able to use the su command if you don't like typing sudo every time. I haven't done much with the Ubuntu distributions.

Either sudo su - or su - (both with the dash) would get you logged in as root for when you have a larger number of commands to run as root. Just type exit when done with root.

I wouldn't recommend changing permissions, especially to that degree. Permissions are as strict as they are for a reason.

lensman3 · 07-25-2008, 02:51 PM

The Ubuntu distributions remove the root password and all the root prevledges are now granted through sudo. (This is the same method that OS X uses). So to add the root "su" method back just:

"sudo passwd root". Remove the quotes and the password program will prompt you for the new password twice.

I agree with shuuhen that chmod'ing the file permissions is risky. It is a good way for a hacker to replace a program with a virus or a suid program. But "iconomorphic" seemed disgruntled with the existing security.

**shuuhen** · 07-25-2008, 05:54 PM

Well, on Ubuntu/Kubuntu/other *buntu sudo su - would also work fine.

07-22-2008, 10:32 PM	#1 (permalink)
iconicmoronic Registered User Join Date: Jul 2008 Posts: 30 OS: Ubuntu 8.04 LTS	?SELinux Q&A after reading FAQ? SELinux provides binary compatibility with existing applications. We have extended kernel data structures to include new security attributes, and we have added new API calls for security-aware applications. However, we have not changed any data structures visible to applications and we have not changed the interface of any existing system call, so existing applications can run unchanged if the security policy authorizes their operation. so then all of my tools and utilities (fdisk, cp, mv, mtools, or whatever) and third party software (ardour, squid, tor, audacity) are compilable as long as i have source code? The NSA SELinux release includes the core SELinux userland code. SELinux by itself is not a trusted operating system, but provides a crucial security feature - mandatory access control - needed for a trusted operating system. IS THIS WHAT THE CONSPIRACY THEORISTS TALK ABOUT MONOPOLIES AND FIRE SAILS OR COMPUTER VIRUSES AND WHATNOT? LOL.... is there a graphical installation method? can i setup the internet? AM I BETTER OFF WITH UBUNTU? because i'm tired of typing sudo

07-23-2008, 07:34 PM	#2 (permalink)
lensman3 Registered User Join Date: Oct 2007 Location: Littleton, Colorado USA Posts: 389 OS: xp 64 sp2 Fedora Core 8 (vmware xp core 8 x32) Minix	Re: ?SELinux Q&A after reading FAQ? Turn off SELinux. All you have to do is change one line in the following file. "/etc/selinux/config". Change the line to SELINUX=disabled. Though permissive is probably a better option, because you will be notified if something is wrong. AM I BETTER OFF WITH UBUNTU? because i'm tired of typing sudo UBUNTU probably not! It is still Linux. Or. Add your user login to the root group and chmod all files owned everywhere root to "chmod 775". Remember that a lot of kernel checks - like removing files - are bypassed when you run many commands like remove. You will have to delete some of the aliases that are setup when you login as root. As for "The NSA SELinux release includes the core SELinux userland code. " NSA has put the code into the GNU (public domain), so if you are a good enough C programmer, then check to see if they left any trapdoors or Trojans in the code. Last edited by shuuhen : 07-25-2008 at 05:45 AM.

07-25-2008, 06:48 AM	#3 (permalink)
shuuhen Moderator Join Date: Sep 2004 Location: Colorado Posts: 699 OS: Mac OS 9.1, Mac OS X 10.5.4, WinXP Pro, FreeBSD 6.0, Gentoo Linux	Re: ?SELinux Q&A after reading FAQ? You may be able to use the su command if you don't like typing sudo every time. I haven't done much with the Ubuntu distributions. Either sudo su - or su - (both with the dash) would get you logged in as root for when you have a larger number of commands to run as root. Just type exit when done with root. I wouldn't recommend changing permissions, especially to that degree. Permissions are as strict as they are for a reason. __________________ Has it been a few days since I replied to your thread? Don't panic! I'm a busy college student and may forget a post if I'm extra busy (or it might just take me a while to be able to do a decent reply). If you still need help and are awaiting my reply after a few days, PM me about it. When posting what errors you get, please give the full message. It makes helping you much easier.

07-25-2008, 02:51 PM	#4 (permalink)
lensman3 Registered User Join Date: Oct 2007 Location: Littleton, Colorado USA Posts: 389 OS: xp 64 sp2 Fedora Core 8 (vmware xp core 8 x32) Minix	Re: ?SELinux Q&A after reading FAQ? The Ubuntu distributions remove the root password and all the root prevledges are now granted through sudo. (This is the same method that OS X uses). So to add the root "su" method back just: "sudo passwd root". Remove the quotes and the password program will prompt you for the new password twice. I agree with shuuhen that chmod'ing the file permissions is risky. It is a good way for a hacker to replace a program with a virus or a suid program. But "iconomorphic" seemed disgruntled with the existing security.

07-25-2008, 05:54 PM	#5 (permalink)
shuuhen Moderator Join Date: Sep 2004 Location: Colorado Posts: 699 OS: Mac OS 9.1, Mac OS X 10.5.4, WinXP Pro, FreeBSD 6.0, Gentoo Linux	Re: ?SELinux Q&A after reading FAQ? Well, on Ubuntu/Kubuntu/other buntu sudo su -* would also work fine. __________________ Has it been a few days since I replied to your thread? Don't panic! I'm a busy college student and may forget a post if I'm extra busy (or it might just take me a while to be able to do a decent reply). If you still need help and are awaiting my reply after a few days, PM me about it. When posting what errors you get, please give the full message. It makes helping you much easier. Last edited by shuuhen : 07-25-2008 at 05:55 PM.