[ubuntu-hardened] Correctly Enabling SELinux on Intrepid
ledefi.88 at googlemail.com
Tue Dec 23 22:05:44 GMT 2008
I've been trying to enable SELinux on Intrepid. In my quest to get it
working I have:
* Installed selinux (apt-get install selinux).
* Modified my /etc/initramfs-tools/scripts/init-bottom/_load_policy to point
to /usr/sbin/ as per
* Modified grub to pass selinux=1 to the kernel
* Got in fine. Then installed selinux-policy-default (which conflicts with
selinux??) to actually install a policy.
* Rebooted, appending enforcing=1 to the kernel from grub.
This is where the problems began. I got as far as X (gdm) and couldn't
login. From the tty's selinux is successfully denying me access to /bin/bash
and as a result won't let me log in... at all.
I'm trying to get selinux going on my system if possible. I then proceeded
to install selinux-policy-src and have compiled that. I don't seem to get as
far as X in that case and my /home partition won't load... although that's
not really surprising as I did simply compile the policy with a few minor
modifications. I'm looking into using checkpolicy -U allow instead of -U
deny for my policy.
So, how do I get to the point where I have a policy running in enforcing
mode on my system? I can clearly get selinux working... but the policy being
used seems to be the problem.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ubuntu-hardened