1
0
mirror of https://github.com/tommytran732/QubesOS-Scripts synced 2024-11-21 17:31:34 -05:00

Enable SELinux on Fedora minimal

This commit is contained in:
Tommy 2024-11-12 05:52:05 -07:00 committed by GitHub
parent 857fbd5f14
commit 7b8f77e399
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 14 additions and 0 deletions

10
fedora-minimal/README.md Normal file
View File

@ -0,0 +1,10 @@
# Enable SELinux
To enable SELinux, do the following after you have run fedora-minimal.sh:
- Shutdown the VM
- Run `qvm-features fedora-40-minimal selinux 1`.
- Start the minimal vm. Wait for it to shut itself down.
- Run `qvm-features fedora-40-minimal selinux 0`.
- Turn the VM on, remove `/.autorelabel`.
- Turn the VM off.
- Run `qvm-features fedora-40-minimal selinux 1`.

View File

@ -64,3 +64,7 @@ sudo https_proxy=https://127.0.0.1:8082 dnf copr enable secureblue/hardened_mall
sudo dnf install -y hardened_malloc sudo dnf install -y hardened_malloc
echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload
sudo chmod 644 /etc/ld.so.preload sudo chmod 644 /etc/ld.so.preload
# Prepare for SELinux
sudo touch /.autorelabel
sudo sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /etc/sysconfig/selinux