[ubuntu-hardened] Correctly Enabling SELinux on Intrepid

ledefi.88 ledefi.88 at googlemail.com
Mon Dec 29 22:08:36 GMT 2008


Hi Aaron,

Thanks for that. I'd come to the conclusion that the policy was the issue...
Selinux is working, it's just configured in such a way that when enforced
the policy starts denying me access to... everything, which is a policy
issue as far as I understand it. I did briefly look at the reference policy
and built it from source but don't have the time to play around until I have
something usable (some things are still denied e.g. cryptsetup mounting
/home).

That's not the first time I've been told to install Fedora for selinux so
have gone ahead and done so.

Thanks

ledefi.88

2008/12/25 Aaron Toponce <atoponce at ubuntu.com>

> ledefi.88 wrote:
> > So, how do I get to the point where I have a policy running in enforcing
> > mode on my system? I can clearly get selinux working... but the policy
> > being used seems to be the problem.
>
> SELinux is massively and horribly broken on Ubuntu 8.10. I've spent
> countless hours trying to get it to work, all wasted. If you must run
> SELinux, I'd install Fedora, as the Targeted policy is written by Red
> Hat employees, and Just Works on Red Hat based distros. For Ubuntu, I'd
> run and learn AppArmor until SELinux gets fixed.
>
> Just my two cents.
>
> --
>  ,-O  Aaron Toponce
> O   } Ubuntu Member
>  `-O  http://www.ubuntu.com
>
>
> --
> ubuntu-hardened mailing list
> ubuntu-hardened at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20081229/4f40768b/attachment.htm 


More information about the ubuntu-hardened mailing list