2017-05-25 21:54 GMT+02:00 Lev Kuznetsov <lev.kuzn...@gmail.com>: > Thanks for your reply Christian!!! > I have tried the default policy... > It didnt seem to have any errors but when I changed the grub command to run > selinux, it didnt work - I saw SELinux init msg in the kernel log, but it > wasnt able to load the policy...)
Some preconditions I think you met already: The kernel must be compiled with SELinux support: CONFIG_SECURITY_SELINUX=y The kernel must be booted with the cmdline option 'security=selinux' In the file /etc/selinux/config there should be the follwing lines: SELINUX=enforcing SELINUXTYPE=default # or some other policy name Then there should be the binary policy at /etc/selinux/POLICY_NAME/policy/policy.POLICY_VERSION where POLICY_NAME is the policy name from above and POLICY_VERSION a number up to 30 (depended on kernel version) If not, you might need to load the modules, e.g. semodule -X 100 -i /usr/share/selinux/default/* > Did you had a successful experience with SELinux and Debian 8 (jessie)? if > yes, that will give me some motivation to continue :) I maybe used SELinux on jessie some years ago, nowadays I use it on stretch/sid. > I also tried your suggestion with > https://github.com/TresysTechnology/refpolicy/wiki/UseRefpolicy I will try a > clean install... > > p.s. > I think refpolicy and default policy are from the same source... Yes, with some Debian related patches > And again, thanks for your reply, I really appreciate it! > > On Tue, May 23, 2017 at 8:21 PM, Christian Göttsche <cgzo...@googlemail.com> > wrote: >> >> Did you try to install the selinux-policy-default package from stretch >> or testing? (Are there any errors?) >> >> SELinux needs a policy to be enabled, otherwise you can try the >> upstream reference policy >> https://github.com/TresysTechnology/refpolicy/wiki/UseRefpolicy >> >> 2017-05-20 17:12 GMT+02:00 Lev Kuznetsov <lev.kuzn...@gmail.com>: >> > Hi all, >> > Ive been struggling with this for over a week now :( >> > 2 questions: >> > 1) Is SELinux supported on Debian GNU/Linux 8.7 (jessie) ? >> > With custom 3.16.43 Kernel (compiled with SELinux support): >> > Linux debian 3.16.43custom #34 SMP Mon May 15 20:55:00 EDT 2017 i686 >> > GNU/Linux >> > >> > 2) If so, how to enable some example policy? >> > I am trying to use the instructions from here >> > (https://wiki.debian.org/SELinux/Setup) >> > The problem is that selinux-policy-default is not part of debian >> > packages >> > sine it failed some tests... Any instructions I tried to install the >> > package >> > are not working... Although the installation finishes, SELinux is not >> > acivated on startup.... >> > >> > >> > Any advice/help is appreciated... Even a 'Yes'/'No' answer from someone >> > who >> > has tried that... >> > >> > Additional info: >> > I see in the SELinux is initialized in the kernel log, but no policy is >> > loaded and SELinux is disabled when running "sestatus" >> > >> > Thanks, Lev >> > >> > _______________________________________________ >> > SELinux-devel mailing list >> > SELinux-devel@lists.alioth.debian.org >> > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel > > > > > -- > Regards, > Lev Kuznetsov _______________________________________________ SELinux-devel mailing list SELinux-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel