I am trying to get SELinux to work. I was pointed to the Gentoo SELinux
Handbook, allegedly a very definitive document on how to work with SELinux. I am
in the HOWTO section and I can't do any of this stuff without turning up an
error.
For example, the VERY FIRST STEP, it tells me to run the following command:
semodule -B
I do so. Instead of working, SELinux demonstrates its typical hatred of all
humanity with the following output:
semodule: SELinux policy is not managed or store cannot be accessed.
So my question, is there ANY way to make this security framework designed by
technical sadists in the NSA a lot easier to use or am I out of luck?
Anyone have any clue how to actually use SELinux? Or do I have to buy a big,
long book on this needlessly and overly complex security framework?
You could check the Fedora forums... they've had SELinux working on Fedora
for a while now.
Deej
I agree that it's a sadistic and painful piece of kit -- that's why I always disable it.
But nevertheless, the standard Arch kernel doesn't include SELinux AFAIK:
fukawi2 ~ $ zgrep SELINUX /proc/config.gz
# CONFIG_SECURITY_SELINUX is not set
Have you compiled your own kernel?
Sorry to dig up this old thread, but I was having this same problem and I found a solution to this.
You have to have a modular SELinux policy to be able to use semanage. So, if you are following the wiki article about SELinux (http://wiki.archlinux.org/index.php/SELinux), you have to change the file /etc/selinux/refpolicy/src/policy/build.conf to have the option
MONOLITHIC = n
Also, you have to make sure to run semanage as root.
One problem I am having is that when I boot up, a lot of things in /dev/ are labeled as lib_t. For instance, /dev/null is system_u:object_r:lib_t, instead of system_u:object_r:null_device_t.
So, when I boot up,
# ls -laZ /dev/null
crw-rw-rw-. 1 root root system_u:object_r:lib_t 1, 3 Apr 22 08:02 /dev/null
But,
# semanage fcontext -l | grep null
/dev/full character device system_u:object_r:null_device_t
/dev/null character device system_u:object_r:null_device_t
So this is fixed if I run `restorecon -r /`. Does restorecon have to be run after every bootup?
Last edited by partner55083777 (2010-04-22 16:11:01)
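An added example (not code from this thread, from the Arch wiki, or from any SELinux tool) that does offline what the last post does by hand: compare the label each device node actually carries in `ls -laZ` output with the label the `semanage fcontext -l` rule for it requires, and report the drift in the same shape as a `restorecon -n -v` dry run. The listing and rules are constructed from the post and extended with two made-up entries (/dev/zero and /dev/psaux) to show a second mismatch and a node no rule covers; the device numbers and timestamps are invented. Real fcontext entries are regular expressions with their own precedence rules, which the simple first-match lookup here does not reproduce. Because /dev is populated afresh at each boot, the nodes that a one-time `restorecon -r /` relabeled come back with the default label, so a check like this run after boot shows whether the relabel stuck.

```shell
#!/bin/sh
# Added example: detect SELinux label drift on device nodes by comparing the
# label a node has (from an ls -laZ listing) with the label its file-context
# rule demands (from a semanage fcontext -l listing). Runs without SELinux
# because both inputs are constructed sample data, not live system output.

# Constructed `ls -laZ` output; field 5 is the security context, the last
# field is the path. /dev/zero and /dev/psaux are invented for this example.
ACTUAL_LS='crw-rw-rw-. 1 root root system_u:object_r:lib_t 1, 3 Apr 22 08:02 /dev/null
crw-rw-rw-. 1 root root system_u:object_r:null_device_t 1, 7 Apr 22 08:02 /dev/full
crw-rw-rw-. 1 root root system_u:object_r:lib_t 1, 5 Apr 22 08:02 /dev/zero
crw------- 1 root root system_u:object_r:lib_t 10, 1 Apr 22 08:02 /dev/psaux'

# Constructed `semanage fcontext -l` rules: pathspec, file type, context.
# Real pathspecs are regular expressions; each is matched here as an ERE
# anchored at both ends, first match wins (real precedence rules not modelled).
FCONTEXT_RULES='/dev/full   character device   system_u:object_r:null_device_t
/dev/null   character device   system_u:object_r:null_device_t
/dev/zero   character device   system_u:object_r:zero_device_t'

# expected_context PATH -> context of the first matching rule; exit 1 if none
expected_context() {
    printf '%s\n' "$FCONTEXT_RULES" | awk -v p="$1" '
        { re = "^" $1 "$"; if (p ~ re) { print $NF; found = 1; exit } }
        END { exit found ? 0 : 1 }'
}

# actual_context PATH -> context recorded in the listing; exit 1 if absent
actual_context() {
    printf '%s\n' "$ACTUAL_LS" | awk -v p="$1" '
        $NF == p { print $5; found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# check_label PATH -> 0 if the label matches its rule, 1 if it drifted,
# 2 if no rule (or no listing entry) covers it, as restorecon would skip it.
check_label() {
    path=$1
    want=$(expected_context "$path") || return 2
    have=$(actual_context "$path") || return 2
    if [ "$have" = "$want" ]; then
        return 0
    fi
    # Same shape as a `restorecon -n -v` dry-run line.
    printf 'Would relabel %s from %s to %s\n' "$path" "$have" "$want"
    return 1
}

# drift_report -> prints one line per mislabeled node, then the mismatch count
drift_report() {
    n=0
    for p in $(printf '%s\n' "$ACTUAL_LS" | awk '{ print $NF }'); do
        rc=0
        check_label "$p" || rc=$?
        if [ "$rc" -eq 1 ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# drift_count -> just the number of mislabeled nodes
drift_count() {
    drift_report | tail -n 1
}

# Print the dry-run report when the script is run directly.
drift_report
```

On a real box the two inputs would come from `ls -laZ /dev` and `semanage fcontext -l` (or directly from `restorecon -n -v /dev`, which performs this comparison with the proper regex semantics); the point of the offline version is to show exactly which comparison decides that /dev/null labeled lib_t needs relabeling to null_device_t.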