[ubuntu-hardened] SELinux on Karmic?

Caleb Case calebcase at gmail.com
Mon Sep 14 19:53:31 BST 2009

On Fri, Sep 4, 2009 at 12:52 PM, John Dong <jdong at ubuntu.com> wrote:
> Indeed security=selinux worked as expected!
> Our selinux-policy-ubuntu still doesn't properly support X/GDM
> sessions right? After enabling selinux I noticed post-login I was in
> some weird system_u context.

The selinux-policy-ubuntu should support X/GDM (at least it did on
Hardy). There appears to be two things conspiring to make your login
incorrect (both stemming from your system not getting relabeled
correctly). The /etc/init.d/selinux script does not recognize ext4 as
a good fs for relabeling (which is the default for karmic). Someone
already posted a fix for this in:
https://bugs.launchpad.net/bugs/371075. The other is that setfiles now
does some additional checking itself to see if the filesystem supports
relabeling. Unfortunately this checking not work if selinux is
disabled. In fact, in this case it silently will fail to relabel. You
can remedy the situation by scheduling a relabel and rebooting:

/etc/init.d/selinux relabel

This is of course non-ideal.

I have opened 2 bugs related to your report:


Unfortunately even after fixing these something else is wrong >.< as I
end up in xdm_t on a graphical login. I'll have to take a closer look
at the policy to find out why the proper transitions are not



More information about the ubuntu-hardened mailing list