[DSE-Dev] SELinux in Debian

Lev Kuznetsov lev.kuznets at gmail.com
Thu May 25 20:25:04 UTC 2017 

Thanks!
I'll try your suggestions in a day or so...

On May 25, 2017 23:21, "Christian Göttsche" <cgzones at googlemail.com> wrote:

> 2017-05-25 21:54 GMT+02:00 Lev Kuznetsov <lev.kuznets at gmail.com>:
> > Thanks for your reply Christian!!!
> > I have tried the default policy...
> > It didnt seem to have any errors but when I changed the grub command to
> run
> > selinux, it didnt work - I saw SELinux init msg in the kernel log, but it
> > wasnt able to load the policy...)
>
> Some preconditions I think you met already:
> The kernel must be compiled with SELinux support: CONFIG_SECURITY_SELINUX=y
> The kernel must be booted with the cmdline option 'security=selinux'
>
> In the file /etc/selinux/config there should be the follwing lines:
> SELINUX=enforcing
> SELINUXTYPE=default # or some other policy name
>
> Then there should be the binary policy at
> /etc/selinux/POLICY_NAME/policy/policy.POLICY_VERSION
> where POLICY_NAME is the policy name from above and POLICY_VERSION a
> number up to 30 (depended on kernel version)
> If not, you might need to load the modules, e.g. semodule -X 100 -i
> /usr/share/selinux/default/*
>
> > Did you had a successful experience with SELinux and Debian 8 (jessie)?
> if
> > yes, that will give me some motivation to continue :)
>
> I maybe used SELinux on jessie some years ago, nowadays I use it on
> stretch/sid.
>
> > I also tried your suggestion with
> > https://github.com/TresysTechnology/refpolicy/wiki/UseRefpolicy I will
> try a
> > clean install...
> >
> > p.s.
> > I think refpolicy and default policy are from the same source...
>
> Yes, with some Debian related patches
>
> > And again, thanks for your reply, I really appreciate it!
> >
> > On Tue, May 23, 2017 at 8:21 PM, Christian Göttsche <
> cgzones at googlemail.com>
> > wrote:
> >>
> >> Did you try to install the selinux-policy-default package from stretch
> >> or testing? (Are there any errors?)
> >>
> >> SELinux needs a policy to be enabled, otherwise you can try the
> >> upstream reference policy
> >> https://github.com/TresysTechnology/refpolicy/wiki/UseRefpolicy
> >>
> >> 2017-05-20 17:12 GMT+02:00 Lev Kuznetsov <lev.kuznets at gmail.com>:
> >> > Hi all,
> >> > Ive been struggling with this for over a week now :(
> >> > 2 questions:
> >> > 1) Is SELinux supported on Debian GNU/Linux 8.7 (jessie) ?
> >> > With custom 3.16.43 Kernel (compiled with SELinux support):
> >> > Linux debian 3.16.43custom #34 SMP Mon May 15 20:55:00 EDT 2017 i686
> >> > GNU/Linux
> >> >
> >> > 2) If so, how to enable some example policy?
> >> > I am trying to use the instructions from here
> >> > (https://wiki.debian.org/SELinux/Setup)
> >> > The problem is that selinux-policy-default is not part of debian
> >> > packages
> >> > sine it failed some tests... Any instructions I tried to install the
> >> > package
> >> > are not working... Although the installation finishes, SELinux is not
> >> > acivated on startup....
> >> >
> >> >
> >> > Any advice/help is appreciated... Even a 'Yes'/'No' answer from
> someone
> >> > who
> >> > has tried that...
> >> >
> >> > Additional info:
> >> > I see in the SELinux is initialized in the kernel log, but no policy
> is
> >> > loaded and SELinux is disabled when running "sestatus"
> >> >
> >> > Thanks, Lev
> >> >
> >> > _______________________________________________
> >> > SELinux-devel mailing list
> >> > SELinux-devel at lists.alioth.debian.org
> >> > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel
> >
> >
> >
> >
> > --
> > Regards,
> > Lev Kuznetsov
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20170525/14c2305d/attachment.html>

More information about the SELinux-devel mailing list