Is AppArmor already installed and running? It is on my system, maybe this would conflict with SeLinux?
# aa-status https://wiki.debian.org/AppArmor/HowToUse DISABLE APPARMOR AppArmor is a security mechanism and disabling it is not recommended. If you really need to disable AppArmor on your system: https://reintech.io/blog/securing-debian-12-with-selinux By default, Debian comes with AppArmor, another security module, so you may need to switch to SELinux manually. Here's how you can enable SELinux on your Debian 12 system: sudo apt-get update sudo apt-get install selinux-basics selinux-policy-default auditd George. On Friday, 17-05-2024 at 14:49 Antonio Russo wrote: Hello, I'm trying to get selinux working on a fresh, gui-free installation of bookworm. I'm not trying to run any servers, nor use standard desktop utilities (yet). I was hoping this setup would be simple enough that selinux would be simple to get going. I'm following [1], which is very straightforward. The problem I'm getting is that it seems woefully incomplete. I cannot even login (com="agetty" is showing up in audit2why). Now, obviously, I could follow the instructions and use audit2allow, and go down the rabbit hole for configuring policies. But, really? No one has fixed the login-at-the-console use case? I'm sure I must be doing something wrong. All I've really done is: apt-get install selinux-basics selinux-policy-default auditd selinux-activate (reboot) (set enforcing=1 in grub) update-grub touch /.autorelabel (reboot) And then I cannot log in. Going back and unsetting enforcing=1 in grub, and I can use audit2why. Does anyone who actually uses selinux have any hints? Best, Antonio [1] https://wiki.debian.org/SELinux/Setup
