SELinux安装

Question

I am trying to download SELinux on an Ubuntu 11.04 using apt-get .

When I tried:

$ sudo apt-get install selinux

I got the following error:

The following packages have unmet dependencies:
selinux : PreDepends: grub-pc but it is not installable
E: Broken packages

I then downloaded selinux-utils , selinux-basics .

After this, I checked for the selinux file under /etc/sysconfig but I couldn't find it.

Also, when I tried

$ setenforce 1

it returns:

setenforce: SELinux is disabled

What are the dependencies? What should I download? How can I resolve this?

Answer 1

It looks like you don't GRUB (bootloader). I guess SELinux requires some changes in kernel so install your system with GRUB. Than installing SELinux just by 'apt-get install selinux' is correct.

Answer 2

Running SELinux under a Linux distribution requires three things: An SELinux enabled kernel, SELinux Userspace tools and libraries, and SELinux Policies. I'm guessing either your Kernel was compiled without the SELinux option enabled, and/or an issue related to your bootloader (grub-pc). This is from the Kernel docs.

If you want to use SELinux, chances are you will want to use the distro-provided policies, or install the latest reference policy release from http://oss.tresys.com/projects/refpolicy

However, if you want to install a dummy policy for testing, you can do using 'mdp' provided under scripts/selinux. Note that this requires the selinux userspace to be installed - in particular you will need checkpolicy to compile a kernel, and setfiles and fixfiles to label the filesystem.

1. Compile the kernel with selinux enabled.
2. Type 'make' to compile mdp.
3. Make sure that you are not running with SELinux enabled and a real policy. If you are, reboot with selinux disabled before continuing.
4. Run install_policy.sh: cd scripts/selinux sh install_policy.sh

Step 4 will create a new dummy policy valid for your kernel, with a single selinux user, role, and type. It will compile the policy, will set your SELINUXTYPE to dummy in /etc/selinux/config, install the compiled policy as 'dummy', and relabel your filesystem.

Answer 3

I suggest to uninstall AppArmor because it may conflict with SELinux:

Remove apparmor
Remove apparmor-util