SELinux node
============

The SELinux node VM image is a qemu/kvm-compatible image that runs a base
Gentoo Linux installation, using the Gentoo Hardened toolchain and kernel
(including grSecurity and PaX) and with SELinux enabled in enforcing mode.
It also enables grSecurity's TPE (Trusted Path Execution) and the recent
Integrity Measurement Architecture (IMA) and Extended Verification Module (EVM)
subsystems in the kernel.

To run it successfully on your system, please run it with the "-cpu kvm64"
qemu option to enable the KVM 64-bit processor, and use the virtio block driver
for accessing the files. An example command line would be::

    /usr/bin/qemu-kvm \
      -monitor stdio \
      -net nic,model=virtio,macaddr=00:11:22:33:44:01,vlan=0 \
      -net vde,vlan=0 \
      -drive file=selinuxnode-amd64-20130224.qcow2,if=virtio,cache=writeback \
      -m 512 -cpu kvm64 -smp 2;

In this example, a virtual switch (as provided by net-misc/vde) is used, but
this isn't mandatory in order to get networking to work. The important part
however is the virtio driver for the file access, as otherwise the initramfs
will not detect the root file system.

The image provides four accounts by default: root (with password "rootpass"),
user (with password "userpass"), oper (with password "operpass") and test
(with password "testpass"). These accounts map to the SELinux users/roles of
root (sysadm_r), user_u (user_r) and staff_u (staff_r). The test account
currently maps to the user_u as well.

Once booted, you can find more information about the SELinux node using
"man selinuxnode".

For more information or feedback, please contact Sven Vermeulen through
swift@gentoo.org

Extracting
----------

The image is compressed using xz. You can decompress it using "xz -d ".
Expect the extracted image to be around 1.6 GiB although it can grow up
to 50 GiB.