ubuntu-hardened December 2008 archive

[ubuntu-hardened] Correctly Enabling SELinux on Intrepid

From: ledefi.88 <ledefi.88_at_nospam>
Date: Tue Dec 23 2008 - 22:05:44 GMT
To: ubuntu-hardened@lists.ubuntu.com


Hi All,

I've been trying to enable SELinux on Intrepid. In my quest to get it working I have:

  • Installed selinux (apt-get install selinux).
  • Modified my /etc/initramfs-tools/scripts/init-bottom/_load_policy to point to /usr/sbin/ as per https://bugs.launchpad.net/ubuntu/+source/selinux/+bug/277030.
  • Modified grub to pass selinux=1 to the kernel.
  • Rebooted.
  • Got in fine. Then installed selinux-policy-default (which conflicts with selinux??) to actually install a policy.
  • Rebooted, appending enforcing=1 to the kernel from grub.

This is where the problems began. I got as far as X (gdm) and couldn't log in. From the ttys, selinux is successfully denying me access to /bin/bash and as a result won't let me log in... at all.

I'm trying to get selinux going on my system if possible. I then proceeded to install selinux-policy-src and have compiled that. I don't seem to get as far as X in that case and my /home partition won't load... although that's not really surprising as I did simply compile the policy with a few minor modifications. I'm looking into using checkpolicy -U allow instead of -U deny for my policy.

So, how do I get to the point where I have a policy running in enforcing mode on my system? I can clearly get selinux working... but the policy being used seems to be the problem.

Thanks

ledefi.88

-- ubuntu-hardened mailing list ubuntu-hardened@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened