arkticcool
February 8th, 2009, 11:25 AM
I attempted to install SElinux on 8.10 ibex, and was successful with;
sudo apt-get install selinu
However it wasn't enabled. So I attempted to install a variety of SElinux policies such as
sudo apt-get install selinux-policy-refpolicy
However this did not work as it could no longer locate the file in the repositories. Somehow, I can't remember exactly but I ended up installing a policy which changed the policy from refpolicy to mls.
I then typed in;
sestatus
and it showed the following;
SELinux status: disabled
I then viewed the config file;
sudo gedit /etc/selinux/config
And this is what it showed;
# This example is the file that controls the state of SELinux on the
# system. It normally resides at /etc/selinux/config and must be
# updated whenever the policy changes. Use the script
# /usr/sbin/update-selinux-config to change the policy type, and then
# reload the policy for changes to go into effect.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# refpolicy-targeted - Only targeted network daemons are protected.
# refpolicy-strict - Full SELinux protection.
# refpolicy-src - Custom policy built from source
SELINUXTYPE=mls
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
It states that it is in enforcing mode however sestatus states that it is disabled.
I then followed the instructions on http://cjacobsen.net/?p=183 and install sysvinit;
sudo apt-get install sysvinit
And this is where my problems began. I can no longer reboot or shutdown properly in ubuntu, and whenever I try to remove SElinux;
sudo apt-get remove selinux
it states the following;
:~$ sudo apt-get remove selinux
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
selinux-utils
Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
selinux
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 127kB disk space will be freed.
Do you want to continue [Y/n]? y
(Reading database ... 200299 files and directories currently installed.)
Removing selinux ...
/var/lib/dpkg/info/selinux.prerm: 55: /etc/init.d/selinux: not found
dpkg: error processing selinux (--remove):
subprocess pre-removal script returned error exit status 127
Errors were encountered while processing:
selinux
E: Sub-process /usr/bin/dpkg returned an error code (1)
How can I remove SElinux and reinstall apparmor.
sudo apt-get install selinu
However it wasn't enabled. So I attempted to install a variety of SElinux policies such as
sudo apt-get install selinux-policy-refpolicy
However this did not work as it could no longer locate the file in the repositories. Somehow, I can't remember exactly but I ended up installing a policy which changed the policy from refpolicy to mls.
I then typed in;
sestatus
and it showed the following;
SELinux status: disabled
I then viewed the config file;
sudo gedit /etc/selinux/config
And this is what it showed;
# This example is the file that controls the state of SELinux on the
# system. It normally resides at /etc/selinux/config and must be
# updated whenever the policy changes. Use the script
# /usr/sbin/update-selinux-config to change the policy type, and then
# reload the policy for changes to go into effect.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# refpolicy-targeted - Only targeted network daemons are protected.
# refpolicy-strict - Full SELinux protection.
# refpolicy-src - Custom policy built from source
SELINUXTYPE=mls
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
It states that it is in enforcing mode however sestatus states that it is disabled.
I then followed the instructions on http://cjacobsen.net/?p=183 and install sysvinit;
sudo apt-get install sysvinit
And this is where my problems began. I can no longer reboot or shutdown properly in ubuntu, and whenever I try to remove SElinux;
sudo apt-get remove selinux
it states the following;
:~$ sudo apt-get remove selinux
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
selinux-utils
Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
selinux
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
After this operation, 127kB disk space will be freed.
Do you want to continue [Y/n]? y
(Reading database ... 200299 files and directories currently installed.)
Removing selinux ...
/var/lib/dpkg/info/selinux.prerm: 55: /etc/init.d/selinux: not found
dpkg: error processing selinux (--remove):
subprocess pre-removal script returned error exit status 127
Errors were encountered while processing:
selinux
E: Sub-process /usr/bin/dpkg returned an error code (1)
How can I remove SElinux and reinstall apparmor.