[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

[Resolved] SELinux in Debian

I am interested in feedback from anyone who want to help with this.

Be sure that apparmor is diable first or else it won’t work.
This can be useful for those who want to run an alternative MAC on their Debian hosts to isolate virtual machines. SELinux has its merits.

So far when running this guide I reach a point where SELinux is all setup with no conflicts showing in the logs. However getting it to enforce is not working.

http://debian-handbook.info/browse/stable/sect.selinux.html << Please cite this guide in the documentation just in case someone want more information.

Successfully running SELinux Enforcing mode in Whonix with no problems. For Debian users who want in general to use a more powerful Mandatory Access Control framework follow these steps. sVirt uses it if its enabled with no extra input needed.

# aptitude install selinux-basics selinux-policy-default # selinux-activate # reboot

sudo nano /etc/default/grub

Replace all mention of apparmor in settings for GRUB_CMDLINE_LINUX with selinux=1 and the enforcing=1 parameter to the Linux kernel. The audit=1 parameter enables SELinux logging which records all the denied operations.
Remove the line under it that starts with: GRUB_CMDLINE_LINUX_DEFAULT

update-grub

rock and roll

Check SELinux status using

This fits into https://www.whonix.org/wiki/Advanced_Security_Guide below AppArmor.

Nice. Now, we just have to write policy modules (targeted, strict?). For having had a little more than a look, I can tell it’s not a walk in the park.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]