[ubuntu-hardened] Re: [selinux] HOWTO Install SELinux on Ubuntu

Brian T. Sniffen bsniffen at mitre.org
Tue May 10 14:13:10 CDT 2005

Lorenzo Hernández García-Hierro <lorenzo at gnu.org> writes:

> It's currently available at:
> http://wiki.tuxedo-es.org/HOWTO_Install_SELinux_on_Ubuntu
> If you want to edit something, feel free to do it, but it would be good

Thanks for writing this up.  I tried to follow the instructions on an
Ubuntu machine, but had serious problems:

* The basic packages (e.g., coreutils) installed fine.  I had some
  difficulties with the selinux-aware PAM 0.78 packages: they
  complained about a missing module in pam_authenticate.  It was
  somewhat annoying to debug this, since it caused login and sudo to
  fail.  I never did solve this problem, because I gave up on:

* The selinux-policy-targeted package in your suggested repository fails to
  install.  There is no appconfig directory.

* The selinux-policy-default package also fails to install.  There are
  many .te files without corresponding .fc files.  The postinst script
  exits with status 1, apparently failing to copy policy/default to

* Those two policy packages conflict in practice, but have neither
  diversions nor explicit Conflict headers.

* There is no selinux-support package in your selinux/ubuntu apt
  repository---only over in selinux/debian.

This looks like a great project---I'd be very happy to have a second
Desktop SE Linux project for which to develop in parallel with Fedora.
It would help, I think, resolve what are elements of a Desktop SE
Linux install, and what features are really Red Hat's, not necessary
to SE Linux.

But right now, I don't think it's ready for prime time.  Since
unhorking a machine with broken PAM is a bit tricky, perhaps you could
add a note to the top of your web page explaining that the following
instructions may break your machine, and to be exceptionally careful
about having a backout-path before attempting them.


More information about the ubuntu-hardened mailing list