Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 11-29-2016, 10:31 PM   #1
Registered: Nov 2016
Location: Geneva
Distribution: native install of Parrot Home Edition 5.0 Debian (no security tools) 64 bit, KDE, 5.14.0-9parrot1,
Posts: 873

Rep: Reputation: Disabled
How to addon SELinux to Debian?

Where do I need to go to add on SELinux?
for Debian
Old 11-30-2016, 02:37 AM   #2
LQ Guru
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524

Rep: Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015
You just install the policy and a few tools. Read the selinux man page. There is a flag file you create that tells linux to label the file system for selinux. You can control selinux with two boot parameters in the kernel line if grub: selinux=1,0 and enforcing=1,0; but it's 1 or 0. 1 means on and 0 means off.
Old 11-30-2016, 02:05 PM   #3
Registered: Jan 2012
Location: Inside the oven
Distribution: Windows
Posts: 421

Rep: Reputation: 74
As far as I know, SELinux is unsupported on current Debian stable. Perhaps it would be supported on next release?
Old 12-01-2016, 11:38 AM   #4
LQ Veteran
Registered: Jul 2006
Location: London
Distribution: PCLinuxOS, Salix
Posts: 6,155

Rep: Reputation: 2318Reputation: 2318Reputation: 2318Reputation: 2318Reputation: 2318Reputation: 2318Reputation: 2318Reputation: 2318Reputation: 2318Reputation: 2318Reputation: 2318
SELinux is built into the kernel, so it is there in Debian: just disabled. This page has the links to instructions on how to set it up.

Note the warning that Debian doesn't do much testing of SELinux "so you might run into quite some issues". That sounds ominous! Do you really need SEL? That really is Linux for paranoids: it was developed for the use of government security agencies. Personally, I'd say that if you do need it for some mysterious reason, you should be running CentOS, where it's enabled by default.

The protection system used by Debian is AppArmor:
This is considered to be easier, if not quite so powerful: see the Wikipedia articles on both systems.
Old 12-01-2016, 11:22 PM   #5
Registered: Jan 2012
Location: Inside the oven
Distribution: Windows
Posts: 421

Rep: Reputation: 74
Having SELinux support in the kernel is not enough. You got to need the tools, applications compiled against it and policies that makes SELinux usable to end users.
Old 12-24-2016, 01:54 AM   #6
LQ Newbie
Registered: Oct 2016
Posts: 24

Rep: Reputation: Disabled
Using SELinux on Debian Stretch is great as Stretch provides the latests versions of the essential tools like SETools3, and the SELinux User Space utilities and libraries version 2.6. Not even Fedora Rawhide has these, so in that sense Debian has the advantage.

To complement the above I have created a policy model that, I would argue, is (close to) perfect for a community distribution such as Debian. The model provides a a solid base to build upon. By default it does not block much so if you do not actually use it, you probably wont even notice it is there. The purpose is to lower the barrier of entrance though. Meaning, You can have SELinux enabled and at your disposal, but not use it or use it at your own pace to address your own security challenges. It makes it accessible. You can compare it to the default iptables config in Debian where your tables are empty but set to allow by default. Unless you are aware of iptables you will not notice its presence, however it is there and ready to be used.

The only thing one really hs to do is to learn what security challenges SELinux helps to address, Learn how SELinux helps to address the aforementioned access control challenges, and learn how to speak to, and listen to SELinux.

Here is a blog post with instructions and demo videos:


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Debian Squeeze: Cannot have Flashgot Iceweasel addon detecting media streams Windows Or Linux Linux - Newbie 5 01-17-2012 01:59 PM
Implementing SeLinux on Debian 5 (Lenny) -- can't install "selinux-basics" bashFUL Linux - Security 3 10-17-2011 01:16 AM
Tomboy/ Glib -related SELinux problem? on Debian Squeeze spoovy Linux - Security 2 09-06-2010 04:38 AM
[SOLVED] Debian and SELinux Vijay Kadam Linux - Newbie 1 09-03-2010 04:08 PM
SELinux on Debian blocks dhcp, 3D Lord Estraven Linux - Software 9 10-08-2008 04:28 PM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:46 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration