Is SELinux available for Ubuntu ?

Bruno pubmb02 at skynet.be
Mon Feb 12 17:36:11 UTC 2007


On Monday 12 February 2007 18:13:17 Bruno Costacurta wrote:
> On Monday 12 February 2007 16:20, Joel Bryan Juliano wrote:
> > On 2/12/07, Bruno Costacurta <pubmb01 at skynet.be> wrote:
> > > Hello,
> > >
> > > is SELinux available for Ubuntu ?
> > > Are there some packages ? Which ?
> > >
> > > Apparently package 'selinux-policy-default' is broken...
> >
> > Yes, it's available in Ubuntu, but currently the targeted policy only
> > works well on "permissive" mode. I think enforcing policy will work if
> > there's a custom policy, specifically for Ubuntu.
> >
> > you would have to install the specific policy, since
> > selinux-policy-default is a metapackage of selinux-basics and
> > selinux-policy-targeted.
> >
> > Then relabel the system (i.e $ relabel /, or touch /.autorelabel and
> > reboot)
> >
> > BTW, some say permissive mode does not do something on the system. I
> > tried installing beagle with permissive mode, and it failed, since
> > chage is disallowed to change user priorities.
> >
> > Another is try running X on a chroot environment, (LiveCD with $ cd
> > dev && MAKEDEV generic), and the themes doesn't apply.
> >
> > I think permissive mode does have effects.
> >
> > > .
> > > sudo apt-get install selinux-policy-default
> > > Reading package lists... Done
> > > Building dependency tree
> > > Reading state information... Done
> > > The following NEW packages will be installed:
> > > selinux-policy-default
> > > ...etc...
> > >  /usr/sbin/load_policy:  Can't load policy:  No such file or directory
> > > make: *** [tmp/load] Error 2
> > > .
> > >
> > > Many thanks for any clue.
> > > Bye,
> > > Bruno
> > >
> > > --
> > > ubuntu-users mailing list
> > > ubuntu-users at lists.ubuntu.com
> > > Modify settings or unsubscribe at:
> > > https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> >
> > --
> > Carpe Diem
>
> I installed package 'selinux-basics', make relabel and add selinux=1 as a
> kernel parameter in the grub boot and reboot.
> However getenforce allways return disabled.
> How to enabled SElinux in permissive mode ?
>
> Note : I have the feeling that SELinux is not started :  touch
> /.autorelabel is not working as file strangely remains in place after
> reboot.
>
> Thanks,
> Bruno

It seems that SELinux is in fact started as showed in /var/log/messages :
...
Kernel command line: root=UUID=29479c95-3dbf-490f-b943-be016b9db02a ro quiet 
splash selinux=1
SELinux:  Initializing.
SELinux:  Starting in permissive mode
SELinux:  Registering netfilter hooks
selinux_register_security:  Registering secondary module capability
...
but getenforce return disabled which tends to show that SELinux start does'nt 
complete.


Bye,
Bruno




More information about the ubuntu-users mailing list