[ubuntu-hardened] Correctly Enabling SELinux on Intrepid

[TJ Easter]

Kees,
      I run Ubuntu 8.10 AMD64 on my laptop.   I'm certainly wanting to
install/learn/configure SELinux (the MAC approach is far superior to
the discretionary AC, IMHO), but I use my laptop for a lot of things.

     Can you speak to the effectiveness and usability of Jaunty beta
for your average laptop power-user?  I typically run PostgreSQL and
Apache+PHP+mod_perl on the box for local development work, wireless
internet access (plain old 802.11b), and gcc.

     My biggest concern is the usability of KDE 4.x under SELinux.  I
do not X as root, so I'll be depending on some UID transitions to take
place (i.e., kdesu).  Is there any known breakage with that?


Regards,
TJ Easter

On Sun, Apr 5, 2009 at 11:08 AM, Kees Cook <kees at ubuntu.com> wrote:
> Hi Darren,
>
> On Sun, Apr 05, 2009 at 04:35:45PM +0100, Darren McGuicken wrote:
>> * Aaron Toponce (atoponce at ubuntu.com) wrote:
>> > SELinux is massively and horribly broken on Ubuntu 8.10. I've spent
>> > countless hours trying to get it to work, all wasted. If you must run
>> > SELinux, I'd install Fedora.
>>
>> Sent in December, is this (still) accurate for Intrepid?  And if so,
>> what's the forecast for Jaunty?  I'd like to start teaching myself
>> SELinux in as practical a manner as possible but completely abandoning
>> my OS of choice seems like rather a big step...
>
> It should be in much better shape for Jaunty; please install the Beta and
> "sudo apt-get install selinux" to try it out.  Tresys has been working on a
> number of the packages this cycle.
>
> -Kees
>
> --
> Kees Cook
> Ubuntu Security Team
>
> --
> ubuntu-hardened mailing list
> ubuntu-hardened at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
>



-- 
"Being a humanist means trying to behave decently without expectation
of rewards or punishment after you are dead."  -- Kurt Vonnegut, 1922
- 2007
http://keyserver1.pgp.com/vkd/DownloadKey.event?keyid=0x5EB6E92FE2340DEF