Hi Aaron,<br><br>Thanks for that. I'd come to the conclusion that the policy was the issue... Selinux is working, it's just configured in such a way that when enforced the policy starts denying me access to... everything, which is a policy issue as far as I understand it. I did briefly look at the reference policy and built it from source but don't have the time to play around until I have something usable (some things are still denied e.g. cryptsetup mounting /home). <br>
<br>That's not the first time I've been told to install Fedora for selinux so have gone ahead and done so. <br><br>Thanks<br><br>ledefi.88<br><br><div class="gmail_quote">2008/12/25 Aaron Toponce <span dir="ltr"><<a href="mailto:atoponce@ubuntu.com">atoponce@ubuntu.com</a>></span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">ledefi.88 wrote:<br>
> So, how do I get to the point where I have a policy running in enforcing<br>
> mode on my system? I can clearly get selinux working... but the policy<br>
> being used seems to be the problem.<br>
<br>
</div>SELinux is massively and horribly broken on Ubuntu 8.10. I've spent<br>
countless hours trying to get it to work, all wasted. If you must run<br>
SELinux, I'd install Fedora, as the Targeted policy is written by Red<br>
Hat employees, and Just Works on Red Hat based distros. For Ubuntu, I'd<br>
run and learn AppArmor until SELinux gets fixed.<br>
<br>
Just my two cents.<br>
<font color="#888888"><br>
--<br>
,-O Aaron Toponce<br>
O } Ubuntu Member<br>
`-O <a href="http://www.ubuntu.com" target="_blank">http://www.ubuntu.com</a><br>
<br>
</font><br>--<br>
ubuntu-hardened mailing list<br>
<a href="mailto:ubuntu-hardened@lists.ubuntu.com">ubuntu-hardened@lists.ubuntu.com</a><br>
<a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened</a><br>
<br></blockquote></div><br>