Is SELinux available for Ubuntu ?
Bruno Costacurta
pubmb01 at skynet.be
Wed Feb 14 09:27:04 UTC 2007
On Tuesday 13 February 2007 21:27:52 Joel Bryan Juliano wrote:
> On 2/13/07, Bruno Costacurta <pubmb01 at skynet.be> wrote:
> > On Tuesday 13 February 2007 04:23:25 Joel Bryan Juliano wrote:
> > > On 2/13/07, Bruno <pubmb02 at skynet.be> wrote:
> > > > On Monday 12 February 2007 18:13:17 Bruno Costacurta wrote:
> > > > > On Monday 12 February 2007 16:20, Joel Bryan Juliano wrote:
> > > > > > On 2/12/07, Bruno Costacurta <pubmb01 at skynet.be> wrote:
> > > > > > > Hello,
> > > > > > >
> > > > > > > is SELinux available for Ubuntu ?
> > > > > > > Are there some packages ? Which ?
> > > > > > >
> > > > > > > Apparently package 'selinux-policy-default' is broken...
> > > > > >
> > > > > > Yes, it's available in Ubuntu, but currently the targeted policy
> > > > > > only works well on "permissive" mode. I think enforcing policy
> > > > > > will work if there's a custom policy, specifically for Ubuntu.
> > > > > >
> > > > > > you would have to install the specific policy, since
> > > > > > selinux-policy-default is a metapackage of selinux-basics and
> > > > > > selinux-policy-targeted.
> > > > > >
> > > > > > Then relabel the system (i.e $ relabel /, or touch /.autorelabel
> > > > > > and reboot)
> > > > > >
> > > > > > BTW, some say permissive mode does not do something on the
> > > > > > system. I tried installing beagle with permissive mode, and it
> > > > > > failed, since chage is disallowed to change user priorities.
> > > > > >
> > > > > > Another is try running X on a chroot environment, (LiveCD with $
> > > > > > cd dev && MAKEDEV generic), and the themes doesn't apply.
> > > > > >
> > > > > > I think permissive mode does have effects.
> > > > > >
> > > > > > > .
> > > > > > > sudo apt-get install selinux-policy-default
> > > > > > > Reading package lists... Done
> > > > > > > Building dependency tree
> > > > > > > Reading state information... Done
> > > > > > > The following NEW packages will be installed:
> > > > > > > selinux-policy-default
> > > > > > > ...etc...
> > > > > > > /usr/sbin/load_policy: Can't load policy: No such file or
> > > > > > > directory make: *** [tmp/load] Error 2
> > > > > > > .
> > > > > > >
> > > > > > > Many thanks for any clue.
> > > > > > > Bye,
> > > > > > > Bruno
> > > > > > >
> > > > > > > --
> > > > > > > ubuntu-users mailing list
> > > > > > > ubuntu-users at lists.ubuntu.com
> > > > > > > Modify settings or unsubscribe at:
> > > > > > > https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> > > > > >
> > > > > > --
> > > > > > Carpe Diem
> > > > >
> > > > > I installed package 'selinux-basics', make relabel and add
> > > > > selinux=1 as a kernel parameter in the grub boot and reboot.
> > > > > However getenforce allways return disabled.
> > > > > How to enabled SElinux in permissive mode ?
> > > > >
> > > > > Note : I have the feeling that SELinux is not started : touch
> > > > > /.autorelabel is not working as file strangely remains in place
> > > > > after reboot.
> > > > >
> > > > > Thanks,
> > > > > Bruno
> > > >
> > > > It seems that SELinux is in fact started as showed in
> > > > /var/log/messages : ...
> > > > Kernel command line: root=UUID=29479c95-3dbf-490f-b943-be016b9db02a
> > > > ro quiet splash selinux=1
> > > > SELinux: Initializing.
> > > > SELinux: Starting in permissive mode
> > > > SELinux: Registering netfilter hooks
> > > > selinux_register_security: Registering secondary module capability
> > > > ...
> > > > but getenforce return disabled which tends to show that SELinux start
> > > > does'nt complete.
> > > >
> > > >
> > > > Bye,
> > > > Bruno
> > >
> > > Make sure you have policycoreutils and checkpolicy installed,
> > >
> > > I have the similar problem before on Selinux, I solved it by
> > >
> > > 1. --purging the entire selinux installation
> > > 2. Install policycoreutils, selinux-refpolicy-targeted, and lastly
> > > install selinux-policy-basic. Then relabel.
> > >
> > > I'm also trying to make a policy that would work on enforcing mode.
> > > Currently, the selinux-policy-targeted can work with enforcing mode if
> > > some daemons is to be turned off (syslogd), and must boot the kernel
> > > in read-write, I also set the fsck to autofix=yes.
> > >
> > > I hope this helps,
> > > Joel
> > >
> > > > --
> > > > ubuntu-users mailing list
> > > > ubuntu-users at lists.ubuntu.com
> > > > Modify settings or unsubscribe at:
> > > > https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
> > >
> > > --
> > > Carpe Diem
> >
> > Hi Joel,
> >
> > could you confirm or detail package 'selinux-refpolicy-targeted' please ?
> > I cannot find it...
> > Many thanks.
> >
> > Bye,
> > Bruno
>
> I'm sorry, it's selinux-policy-refpolicy-targeted. :-)
>
Sorry but cannot find this one either.
I'm using Ubuntu Edgy 6.10 and have repos restricted / universe / multiverse .
Bye,
Bruno
More information about the ubuntu-users
mailing list