[ubuntu-hardened] Problems with SELinux in Ubuntu Hardy

[Marc Baas]

When mailing this to the Ubuntu development mailing list, I was told to
send my questions to this mailing list, so here goes:

Dear all,

Since I don't know where else to put this problem I ran into and I
cannot specify it clearly enough to file a bug report, I'm sending it to
this mail group.

I've been testing Hardy since early alpha 6. I also tried installing
SELinux according to the specifications of the Ubuntu SELinux wiki (run
sudo apt-get install selinux) and it worked flawlessly for me at the
time.

Today I tried it again on a current up to date beta of hardy. I call it
a clean install since I haven't manually changed anything and have only
installed packages with apt that I normally do by default through a
script, to not have to do everything manually.
This time however, after rebooting and having the labeling finish, I was
welcomed with a message telling me HAL failed to initialize. On top of
that, while it was first loading, the whole gnome menu disappeared and
left me with nothing but an empty desktop. Immagine Alt+F2 didn't work
either.

I managed to work around this and get a terminal going, tried to restart
HAL, but got permission errors from SELinux telling me that this user
was not allowed to...., etc.

Needless to say, lots of things were not working (at some point even my
ethernet adapter was blocked) and in the end, I removed SELinux in order
to be able to use my system. Hence I don't have all the detailed info
one could wish for in order to file a bug report.
Due to lack of time and wanting to be sure things would run properly I
went ahead and did a reinstall.

As a result of this I'm under the impression that the policies that came
with alpha 6, which worked fine for me, must have been changed one way
or another and now don't work for me anymore.
Is this something that can be confirmed by the ones that are working on
the implementation of SELinux?

Together with that, when can we expect configuration tools for SELinux
like the ones one finds in Fedora? It really is very user unfriendly and
complex to work with SELinux and try to configure it with the tools, let
alone without those.

Thanks in advance for your time and attention.

Marc