SELinux workgroup: Difference between revisions
imported>Etbe No edit summary |
imported>Etbe No edit summary |
||
| Line 14: | Line 14: | ||
extraConfig = '' | extraConfig = '' | ||
SECURITY_SELINUX y | SECURITY_SELINUX y | ||
SECURITY_SELINUX_BOOTPARAM n | |||
SECURITY_SELINUX_DISABLE n | |||
SECURITY_SELINUX_DEVELOP y | SECURITY_SELINUX_DEVELOP y | ||
SECURITY_SELINUX_AVC_STATS y | SECURITY_SELINUX_AVC_STATS y | ||
| Line 21: | Line 23: | ||
environment.systemPackages = with pkgs; [ policycoreutils ]; | environment.systemPackages = with pkgs; [ policycoreutils ]; | ||
systemd.package = pkgs.systemd.override { withSelinux = true; }; | |||
== Links == | == Links == | ||
Revision as of 01:14, 26 February 2019
This group is about adding SE Linux support to NixOS both booting and when run on a system like Debian or Fedora with SE Linux support.
People
Config
boot.kernelParams = [ "security=selinux selinux=1" ];
# not yet tested the kernel config
boot.kernelPatches = [ {
name = "selinux-config";
patch = null;
extraConfig =
SECURITY_SELINUX y
SECURITY_SELINUX_BOOTPARAM n
SECURITY_SELINUX_DISABLE n
SECURITY_SELINUX_DEVELOP y
SECURITY_SELINUX_AVC_STATS y
SECURITY_SELINUX_CHECKREQPROT_VALUE 0
;
} ];
environment.systemPackages = with pkgs; [ policycoreutils ];
systemd.package = pkgs.systemd.override { withSelinux = true; };
Links
- Proposed patch for subst file-contexts, this maps /nix/store/* directories to / for file labelling (both initial system labelling and dynamic labelling of new files).
- GitHub page for e-user's changes adding SE Linux support to NixOS.