Thanks! I'll try your suggestions in a day or so... On May 25, 2017 23:21, "Christian Göttsche" <cgzo...@googlemail.com> wrote:
> 2017-05-25 21:54 GMT+02:00 Lev Kuznetsov <lev.kuzn...@gmail.com>: > > Thanks for your reply Christian!!! > > I have tried the default policy... > > It didnt seem to have any errors but when I changed the grub command to > run > > selinux, it didnt work - I saw SELinux init msg in the kernel log, but it > > wasnt able to load the policy...) > > Some preconditions I think you met already: > The kernel must be compiled with SELinux support: CONFIG_SECURITY_SELINUX=y > The kernel must be booted with the cmdline option 'security=selinux' > > In the file /etc/selinux/config there should be the follwing lines: > SELINUX=enforcing > SELINUXTYPE=default # or some other policy name > > Then there should be the binary policy at > /etc/selinux/POLICY_NAME/policy/policy.POLICY_VERSION > where POLICY_NAME is the policy name from above and POLICY_VERSION a > number up to 30 (depended on kernel version) > If not, you might need to load the modules, e.g. semodule -X 100 -i > /usr/share/selinux/default/* > > > Did you had a successful experience with SELinux and Debian 8 (jessie)? > if > > yes, that will give me some motivation to continue :) > > I maybe used SELinux on jessie some years ago, nowadays I use it on > stretch/sid. > > > I also tried your suggestion with > > https://github.com/TresysTechnology/refpolicy/wiki/UseRefpolicy I will > try a > > clean install... > > > > p.s. > > I think refpolicy and default policy are from the same source... > > Yes, with some Debian related patches > > > And again, thanks for your reply, I really appreciate it! > > > > On Tue, May 23, 2017 at 8:21 PM, Christian Göttsche < > cgzo...@googlemail.com> > > wrote: > >> > >> Did you try to install the selinux-policy-default package from stretch > >> or testing? (Are there any errors?) > >> > >> SELinux needs a policy to be enabled, otherwise you can try the > >> upstream reference policy > >> https://github.com/TresysTechnology/refpolicy/wiki/UseRefpolicy > >> > >> 2017-05-20 17:12 GMT+02:00 Lev Kuznetsov <lev.kuzn...@gmail.com>: > >> > Hi all, > >> > Ive been struggling with this for over a week now :( > >> > 2 questions: > >> > 1) Is SELinux supported on Debian GNU/Linux 8.7 (jessie) ? > >> > With custom 3.16.43 Kernel (compiled with SELinux support): > >> > Linux debian 3.16.43custom #34 SMP Mon May 15 20:55:00 EDT 2017 i686 > >> > GNU/Linux > >> > > >> > 2) If so, how to enable some example policy? > >> > I am trying to use the instructions from here > >> > (https://wiki.debian.org/SELinux/Setup) > >> > The problem is that selinux-policy-default is not part of debian > >> > packages > >> > sine it failed some tests... Any instructions I tried to install the > >> > package > >> > are not working... Although the installation finishes, SELinux is not > >> > acivated on startup.... > >> > > >> > > >> > Any advice/help is appreciated... Even a 'Yes'/'No' answer from > someone > >> > who > >> > has tried that... > >> > > >> > Additional info: > >> > I see in the SELinux is initialized in the kernel log, but no policy > is > >> > loaded and SELinux is disabled when running "sestatus" > >> > > >> > Thanks, Lev > >> > > >> > _______________________________________________ > >> > SELinux-devel mailing list > >> > SELinux-devel@lists.alioth.debian.org > >> > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel > > > > > > > > > > -- > > Regards, > > Lev Kuznetsov >
_______________________________________________ SELinux-devel mailing list SELinux-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel