Comments on: Installing SE Linux on Debian/Lenny

By: Oliver W

Oliver W — Wed, 05 Aug 2009 06:07:06 +0000

I’m running Debian Lenny with the default SELinux packages installed. Is it normal that I’m getting numerous denials (which I’m gradually fixing using audit2allow, generating my own local.te) in regard to logrotate? This is what I have in my local.te right now:

#============= logrotate_t ==============
allow logrotate_t crond_t:process ptrace;
allow logrotate_t inetd_t:process ptrace;
allow logrotate_t init_t:process ptrace;
allow logrotate_t initrc_t:process ptrace;
allow logrotate_t kernel_t:process ptrace;
allow logrotate_t ntpd_t:process ptrace;
allow logrotate_t postfix_master_t:process ptrace;
allow logrotate_t postfix_qmgr_t:process ptrace;
allow logrotate_t restorecond_t:process ptrace;
allow logrotate_t self:capability sys_ptrace;
allow logrotate_t sshd_t:process ptrace;
allow logrotate_t syslogd_t:process ptrace;
allow logrotate_t udev_t:process ptrace;
allow logrotate_t unconfined_home_dir_t:dir search;

By: Cristian F

Cristian F — Tue, 07 Apr 2009 19:08:41 +0000

Hi!

I have another problem since I have installed SELinux and configuring it to run enforced.
I have 2 NTFS hdd which I mount them automatic with FSTAB. Before I installed SELinux they were mounted properly and all was OK. But after installation, when I boot the system come an error that says that ntfs-3g couldn’t be mounted (ntfs-3g mount failed) and suggest to run “modprobe fuse”.
Any idea and suggestions how can I solve this problem?

Thanks,
Cristian F

By: Cristian F

Cristian F — Tue, 07 Apr 2009 18:59:09 +0000

Have u solved this error or warning more.

W: Conflicting distribution: http://www.coker.com.au lenny Release (expected lenny but got )
W: You may want to run apt-get update to correct these problems

Thanks,
Cristian F

By: Russell Coker

Russell Coker — Mon, 16 Feb 2009 03:41:44 +0000

mjf: I run several systems in ways that are similar without problem.

Anything that happens before init is not affected by SE Linux – but such things should not leave user-space processes running.

By: mjf

mjf — Mon, 05 Jan 2009 19:33:30 +0000

Hello.

I am using dm-crypted / and /home partitions on my workstation (pure Debian/Lenny, perhaps with some added software like MPlayer from debian-multimedia.org). I would like to start using SELinux on this workstation. I must stress that I use home-brewed initrd to initialize encryption of the partitions (very special one). After pivot_root and executing the system /sbin/init the system boot process continues in common way. Shall I expect some terse complications enabling SELinux in such configuration?

Thank you for your response.

Sincerely,

–
mjf

By: etbe

etbe — Thu, 01 Jan 2009 00:14:53 +0000

Philip: I’ve updated this document to describe the correct way of doing this. selinux-basics has commands to do these things, and they were written before your comment (my documentation lagged behind the code – my fault).

Your comment was correct, and will still work for anyone who chooses not to use the scripts.

By: Philip

Philip — Mon, 03 Nov 2008 18:09:55 +0000

Don’t forget to uncomment the relevant line in /etc/pam.d/login. Without this you’ll be logged in as local_login_t which is bad. Probably good to take a look at the Debian SELinux setup page on the Debian wiki page: http://wiki.debian.org/SELinux/Setup

Some of the info there does seem to be out of date however.

By: etbe

etbe — Sun, 14 Sep 2008 22:59:52 +0000

kamil: That’s a cosmetic error. I haven’t yet worked out how to solve it.

By: kamil

kamil — Thu, 04 Sep 2008 21:37:33 +0000

Running apt-get(or aptitude) update gives a warning: “Conflicting distribution: http://www.coker.com.au lenny Release (expected lenny but got )”. However, it seems to download what it should. I have selinux up and running. Do you know what causes this warning?