Workgroup:SELinux: Difference between revisions
imported>Etbe No edit summary |
imported>Etbe No edit summary |
||
Line 8: | Line 8: | ||
boot.kernelParams = [ "security=selinux" ]; | boot.kernelParams = [ "security=selinux" ]; | ||
# not yet tested the kernel config | # not yet tested the kernel config | ||
boot.kernelPatches = [ { | boot.kernelPatches = [ { | ||
name = "selinux-config"; | name = "selinux-config"; | ||
Line 19: | Line 19: | ||
''; | ''; | ||
} ]; | } ]; | ||
== Links == | |||
* [https://lore.kernel.org/selinux/7853167.K65cXu0y11@neuromancer/T/#u Proposed patch for subst file-contexts], this maps /nix/store/* directories to / for file labelling (both initial system labelling and dynamic labelling of new files). | |||
* [https://github.com/NixOS/nix/pull/2670 GitHub page for e-user's changes adding SE Linux support to NixOS]. |
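Review bot: the first entry of the added Links section calls the lore.kernel.org thread a "Proposed patch" but does not say whether it has been merged, so a reader cannot tell whether the /nix/store/* to / mapping is available in current tooling; suggest adding the patch's status next to the link. The entry also joins two clauses with a comma ("..., this maps /nix/store/* directories ..."), which would read better as two sentences.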
Revision as of 03:58, 25 February 2019
This group is about adding SE Linux support to NixOS, both when it is booted directly and when it is run on a system like Debian or Fedora that has SE Linux support.
People
Config
    boot.kernelParams = [ "security=selinux" ];
    # not yet tested the kernel config
    boot.kernelPatches = [ {
      name = "selinux-config";
      patch = null;
      extraConfig = ''
        SECURITY_SELINUX y
        SECURITY_SELINUX_DEVELOP y
        SECURITY_SELINUX_AVC_STATS y
        SECURITY_SELINUX_CHECKREQPROT_VALUE 0
      '';
    } ];
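Since the config above is marked as not yet tested, the following added example (not part of the wiki page or of NixOS) checks a kernel config dump and command line against the four options and the boot parameter listed there. The function name `check_selinux_config` and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Options from the page's extraConfig; Nix omits the CONFIG_ prefix that the
# kernel's own .config uses.
EXPECTED='SECURITY_SELINUX=y
SECURITY_SELINUX_DEVELOP=y
SECURITY_SELINUX_AVC_STATS=y
SECURITY_SELINUX_CHECKREQPROT_VALUE=0'

# check_selinux_config CONFIG_TEXT CMDLINE  (hypothetical helper name)
# Prints one line per mismatch; returns 0 only if everything matches.
check_selinux_config() {
    config=$1 cmdline=$2 rc=0
    for want in $EXPECTED; do
        name=${want%%=*} value=${want#*=}
        # Anchoring on "CONFIG_<name>=" keeps SECURITY_SELINUX from matching
        # SECURITY_SELINUX_DEVELOP; "# ... is not set" lines yield no value.
        got=$(printf '%s\n' "$config" | sed -n "s/^CONFIG_${name}=//p" | head -n 1)
        if [ "$got" != "$value" ]; then
            echo "CONFIG_${name}: want ${value}, got ${got:-unset}"
            rc=1
        fi
    done
    # The LSM is only selected at boot if the parameter is a whole word.
    case " $cmdline " in
        *" security=selinux "*) ;;
        *) echo "cmdline: security=selinux missing"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample input (not from a real machine): DEVELOP is left unset.
SAMPLE_CONFIG='CONFIG_SECURITY_SELINUX=y
# CONFIG_SECURITY_SELINUX_DEVELOP is not set
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=0'
SAMPLE_CMDLINE='root=/dev/sda1 security=selinux quiet'

check_selinux_config "$SAMPLE_CONFIG" "$SAMPLE_CMDLINE" ||
    echo "kernel is not configured as the page intends"

# On a running system (needs CONFIG_IKCONFIG_PROC for /proc/config.gz):
#   check_selinux_config "$(zcat /proc/config.gz)" "$(cat /proc/cmdline)"
```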
Links
- Proposed patch for subst file-contexts, this maps /nix/store/* directories to / for file labelling (both initial system labelling and dynamic labelling of new files).
- GitHub page for e-user's changes adding SE Linux support to NixOS.