From: bsniffen@mitre.org (Brian T. Sniffen)
To: "Lorenzo Hernández García-Hierro" <lorenzo@gnu.org>
Cc: ubuntu-hardened@lists.ubuntu.com, selinux@tycho.nsa.gov
Subject: Re: [selinux] HOWTO Install SELinux on Ubuntu
Date: Tue, 10 May 2005 15:13:10 -0400 [thread overview]
Message-ID: <d28acn2j3nd.fsf@jon-strange.mitre.org> (raw)
In-Reply-To: <1115152564.15188.24.camel@localhost.localdomain> ( Lorenzo Hernández García-Hierro's message of "Tue, 03 May 2005 22:36:03 +0200")
Lorenzo Hernández García-Hierro <lorenzo@gnu.org> writes:
> It's currently available at:
> http://wiki.tuxedo-es.org/HOWTO_Install_SELinux_on_Ubuntu
>
> If you want to edit something, feel free to do it, but it would be good
Thanks for writing this up. I tried to follow the instructions on an
Ubuntu machine, but had serious problems:
* The basic packages (e.g., coreutils) installed fine. I had some
difficulties with the selinux-aware PAM 0.78 packages: they
complained about a missing module in pam_authenticate. It was
somewhat annoying to debug this, since it caused login and sudo to
fail. I never did solve this problem, because I gave up on:
* The selinux-policy-targeted package in your suggested repository fails to
install. There is no appconfig directory.
* The selinux-policy-default package also fails to install. There are
many .te files without corresponding .fc files. The postinst script
exits with status 1, apparently failing to copy policy/default to
policy/current.
* Those two policy packages conflict in practice, but have neither
diversions nor explicit Conflict headers.
* There is no selinux-support package in your selinux/ubuntu apt
repository---only over in selinux/debian.
This looks like a great project---I'd be very happy to have a second
Desktop SE Linux project for which to develop in parallel with Fedora.
It would help, I think, resolve what are elements of a Desktop SE
Linux install, and what features are really Red Hat's, not necessary
to SE Linux.
But right now, I don't think it's ready for prime time. Since
unhorking a machine with broken PAM is a bit tricky, perhaps you could
add a note to the top of your web page explaining that the following
instructions may break your machine, and to be exceptionally careful
about having a backout-path before attempting them.
-Brian
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2005-05-10 19:15 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-03 20:36 [selinux] HOWTO Install SELinux on Ubuntu Lorenzo Hernández García-Hierro
2005-05-10 19:13 ` Brian T. Sniffen [this message]
2005-05-10 19:28 ` Lorenzo Hernandez Garcia-Hierro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d28acn2j3nd.fsf@jon-strange.mitre.org \
--to=bsniffen@mitre.org \
--cc=lorenzo@gnu.org \
--cc=selinux@tycho.nsa.gov \
--cc=ubuntu-hardened@lists.ubuntu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.