SELinux works like a charm in Ubuntu!

[Felipe Alfaro Solana]

On 2/3/07, Joel Bryan Juliano <joelbryan.juliano at gmail.com> wrote:
> SELinux does wonders on my Feisty machine. I noticed that when it's turn on,
> applications don't get any noticeable delays when loading, I can run QEMU
> now without sacrificing the performance of the host OS. Everything runs so
> smooth. Networking also runs well without any problems, Sharing files using
> gshare (Avahi FTP Daemon), SAMBA works, and other host can connect to me
> without problems. I can even connect to this PC by my .local address and
> grab the correct time in the internet using ntpd. I have done alot of
> searching on the net because I was so reluctant about it, I have fears about
> the effects on compiling a program, but couldn't find any, so I just tried
> it myself and to my surprise It works like a charm, and doesn't affect the
> compiled programs.
>
> The only settings that is not working in Ubuntu is enforcing mode, which
> will not boot the machine, but permissive with strict policy works. I'm
> using targeted policy.

Errr... I think that permissive mode is not very useful. I mean, any
policy (even broken ones) will work in permissive mode, since the
kernel simply logs invalid actions, but does not prevent them from
happening.

> To install SELinux, just grab selinux-basics and it would install the
> targeted policy. The strict policy and src policy would have to be installed
> manually. After that you'll have to enable it at boot with selinux=1 option.
>
> Just sharing this wonderful features most of us doesn't use.

Fedora Core 6 has a good working SELinux policy (after three releases,
they are getting close to getting an usable policy) and I've been
using SELinux for sometime, not with problems, but :-)