[ubuntu-hardened] Re: [selinux] HOWTO Install SELinux on Ubuntu
Brian T. Sniffen
bsniffen at mitre.org
Tue May 10 14:13:10 CDT 2005
Lorenzo Hernández García-Hierro <lorenzo at gnu.org> writes:
> It's currently available at:
> http://wiki.tuxedo-es.org/HOWTO_Install_SELinux_on_Ubuntu
>
> If you want to edit something, feel free to do it, but it would be good
Thanks for writing this up. I tried to follow the instructions on an
Ubuntu machine, but had serious problems:
* The basic packages (e.g., coreutils) installed fine. I had some
difficulties with the selinux-aware PAM 0.78 packages: they
complained about a missing module in pam_authenticate. It was
somewhat annoying to debug this, since it caused login and sudo to
fail. I never did solve this problem, because I gave up on:
* The selinux-policy-targeted package in your suggested repository fails to
install. There is no appconfig directory.
* The selinux-policy-default package also fails to install. There are
many .te files without corresponding .fc files. The postinst script
exits with status 1, apparently failing to copy policy/default to
policy/current.
* Those two policy packages conflict in practice, but have neither
diversions nor explicit Conflict headers.
* There is no selinux-support package in your selinux/ubuntu apt
repository---only over in selinux/debian.
This looks like a great project---I'd be very happy to have a second
Desktop SE Linux project for which to develop in parallel with Fedora.
It would help, I think, resolve what are elements of a Desktop SE
Linux install, and what features are really Red Hat's, not necessary
to SE Linux.
But right now, I don't think it's ready for prime time. Since
unhorking a machine with broken PAM is a bit tricky, perhaps you could
add a note to the top of your web page explaining that the following
instructions may break your machine, and to be exceptionally careful
about having a backout-path before attempting them.
-Brian
More information about the ubuntu-hardened
mailing list