Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: selinux on intrepid

  1. #11
    Join Date
    Dec 2007
    Beans
    127

    Re: selinux on intrepid

    I had trouble installing selinux and getting it to work. The following command:

    sudo apt-get install selinux

    installed selinux and selinux-policy-dummy. Consequently, selinux was not enabled because of the lack of a policy folder in the /etc/selinux directory. Additionally, during boot, a load_policy file not found error occurred after the init process started. The problem was the _load_policy script in the /etc/initramfs/scripts/init-bottom was pointing to the wrong directory. I changed it from /sbin/policy to /usr/sbin/load_policy and ran the following command

    sudo update-initramfs -u -k `uname -r`

    Nevertheless, there was no policy in the etc directory. I tried to install "sudo apt-get install selinux-policy-default", which proceeded to uninstall selinux. I appears the selinux on Ubuntu is hosed, and after much dubbing around with this, I decided to install the latest selinux packages from the http://www.debian.org/distrib/packages ( I used Lenny in order to get the next highest version over the Ubuntu version). I installed anything that had to do with selinux. Below is a list of files that I used:

    libselinux1_2.0.65-5_amd64.deb
    libsemanage1_2.0.25-2_amd64.deb
    libsetools-tcl_3.3.5.ds-5_amd64.deb
    policycoreutils_2.0.49-6_amd64.deb
    python-selinux_2.0.65-5_amd64.deb
    python-semanage_2.0.25-2_amd64.deb
    python-sepolgen_1.0.11-5_all.deb
    selinux-basics_0.3.5_all.deb
    selinux-doc_1.26-1_all.deb
    selinux-policy-default_0.0.20080702-6_all.deb
    selinux-policy-doc_0.0.20080702-6_all.deb
    selinux-policy-mls_0.0.20080702-6_all.deb
    selinux-policy-refpolicy-doc_0.0.20061018-5.1+etch1_all.deb
    selinux-policy-refpolicy-targeted_0.0.20061018-5.1+etch1_all.deb
    selinux-policy-src_0.0.20080702-6_all.deb
    setools_3.3.5.ds-5_amd64.deb

    Lastly, I had to change the init program from upstart-compat-sysv to sysvinit to be able to boot selinux

    sudo apt-get install sysvinit

    Nothing seems to ever go that smooth. After installing sysvinit, I could not gracefully reboot. It would just go back to the login screen. Luckily, I had sysrqd installed, which I allowed me to gracefully sync and unmount the RAID hard drives, then reboot. If you want more info on sysrqd, google it with the "REISUB" keyboard sequence


    Note: the audit2allow command from Ubuntu did not work because of the import python-sepolgen error. The import statement should just be sepolgen. Additionally, there was a problem with the python-selinux shared object file. Updating all selinux packages cured this problem. Hence, audit2allow command works fine after upgrade.

    Hope this info helps!

  2. #12
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: selinux on intrepid

    Thank you for the information tgilber1

    To be honest, for all that effort, I would almost prefer to install from source or better use Fedora or Centos.

    +1 on audit2allow

    It is a really really nice tool.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  3. #13
    Join Date
    Jul 2007
    Beans
    305
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Re: selinux on intrepid

    The default security framework in Ubuntu is AppArmor (developed by Novell) which is easier to configure.
    iplist

    "Specialization is for Insects", R. Heinlein

Page 2 of 2 FirstFirst 12

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •