Old 05-19-2007, 04:09 PM   #1
alethio
SELinux on Ubuntu Feisty with refpolicy - various teething problems


Hi All,

I am trying to set up SELinux on Ubuntu Feisty. In order to get to the stage I have, I have had to jump through a number of hoops. So far I have:
  • Rebuilt kernel to start SELinux by default
  • Removed Upstart, added System V Init from freshmeat w/ patch to ensure policy is loaded on boot.
  • Added the appropriate lines to /etc/pam.d/ files (login, ssh).
  • Added myself to the users file [root already there].
  • Am using selinux-refpolicy-targeted (Debian Package Name) as advised because this is under thorough development by the FC team.
  • Labelled file system etc...
I am however having a number of problems, which in no particular order are:
1) dmesg shows a number of errors looking like this:
Code:
[ 1126.720000] inode_doinit_with_dentry:  context_to_sid(kernel) returned 22 for dev=dm-0 ino=12587502
which are noticeable on boot.
2) Logging in seems to take a long time via X/GDM which it didn't before. Now 5 minutes as opposed to about 15 seconds.
3) Logging in under tty[1-6] asks me for a security context (not on root) and no matter what I type, I still get an auth failure. Suspect I'm not understanding this stage...
4) The policy doesn't seem to be in permissive mode despite this output:
Code:
root@alethio:~# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          permissive
Policy version:                 21
Policy from config file:        .
If anyone could point me in the right direction I'd be grateful - I understand SELinux isn't supported on Ubuntu but I'm still determined to get it working,

Thanks,

Alethio

Last edited by alethio; 05-19-2007 at 04:23 PM.
 
Old 05-20-2007, 05:17 AM   #2
unSpawn
1) The audit log / dmesg stuff that relates to rules maybe could be ironed out by running audit2allow.
2) I also noticed initial logins on FC6 taking way longer. Consecutive logins didn't take as long though.
3) I don't pretend to grok SELinux, but if IIRC an unprivileged user in the user context of his/her own account should have role "user_r". Post your error messages.
4) Bummer. If it's not in permissive mode, check if the kernel was compiled with "NSA SELinux Development support", you need that for permissive mode. If the kernel was compiled with "NSA SELinux boot parameter" you can also make running permissive mode a boot arg (enforcing=0) which comes in handy when testing (as opposed to disabling SELinux which will fsck up your system's labelling).

There's lotsa docs on SELinux and there's SELinux mailing lists you could search / join. However in the case of vast subjects like SELinux IMHO nothing beats a dead tree copy like Prentice Hall's SELinux by Example.
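Added example, not part of either post: a small parser for the `inode_doinit_with_dentry: context_to_sid(...)` warnings from point 1. It pulls out the stored context string, decodes the return value (22 is EINVAL) and lists the affected inodes per device so the files can be located with `find -xdev -inum`. The function names are hypothetical, and the sample lines are constructed apart from the first, which is the one quoted in the thread.

```python
import errno
import re
from collections import defaultdict

# Matches the kernel warning format seen in the thread's dmesg output.
LINE_RE = re.compile(
    r"inode_doinit_with_dentry:\s+context_to_sid\((?P<ctx>[^)]*)\)\s+"
    r"returned\s+(?P<rc>\d+)\s+for\s+dev=(?P<dev>\S+)\s+ino=(?P<ino>\d+)"
)

def parse_invalid_contexts(dmesg_text):
    """Return one record per matching warning: context, errno name, dev, inode."""
    records = []
    for line in dmesg_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rc = int(m.group("rc"))
            records.append({
                "context": m.group("ctx"),  # label string the kernel could not map to a SID
                "errno": errno.errorcode.get(rc, str(rc)),
                "dev": m.group("dev"),
                "ino": int(m.group("ino")),
            })
    return records

def inodes_by_device(records):
    """Group unique inode numbers per device, sorted, for use with find -inum."""
    grouped = defaultdict(set)
    for r in records:
        grouped[r["dev"]].add(r["ino"])
    return {dev: sorted(inos) for dev, inos in grouped.items()}

# Constructed sample: the first line is from the post, the rest are made up.
SAMPLE = """\
[ 1126.720000] inode_doinit_with_dentry:  context_to_sid(kernel) returned 22 for dev=dm-0 ino=12587502
[ 1126.730000] inode_doinit_with_dentry:  context_to_sid(kernel) returned 22 for dev=dm-0 ino=12587502
[ 1127.010000] inode_doinit_with_dentry:  context_to_sid(system_u:object_r:foo_t) returned 22 for dev=sda1 ino=4711
[ 1127.020000] EXT3-fs: mounted filesystem with ordered data mode.
"""

if __name__ == "__main__":
    recs = parse_invalid_contexts(SAMPLE)
    for dev, inos in inodes_by_device(recs).items():
        for ino in inos:
            # Replace <mountpoint> with wherever that device is mounted.
            print(f"{dev}: find <mountpoint> -xdev -inum {ino}")
```

On a live system, feed it the output of `dmesg` instead of `SAMPLE`.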
 
  

