This post is a request for information, tutorials, documentation, etc. on using SELinux with Ubuntu or Debian. I am very interested in deploying it and documenting it (as I tend to do here, of course) but I’m not finding much information. If you have:
- Been able to deploy it on Ubuntu / Debian
- Can refer me to documentation on doing so
- Can give me information on the status of the possibility
please let me know. I am perfectly aware that AppArmor has been chosen beginning with 7.10 but I would prefer not to use it. If I’m going to use one I’d prefer to use SELinux. If anyone can point me toward making this work I would very much appreciate it.
http://wiki.debian.org/SELinux?highlight=%28selinux%29
What’s wrong with AppArmor then?
@apokryphos: It must be because it is a Novell technology. But technically speaking I don’t see any reason to go over SELinux instead of AppArmor.
@Weeber: AppArmor uses a flawed “path based security” mechanism where SELinux uses inode based security. Even if you move an SELinux protected file, it is protected.
If you make a copy of an application protected by AppArmor and then run it to exploit it, you can. Read this blog posting for a really good example of why AppArmor’s architecture is completely flawed:
http://securityblog.org/brindle/2006/04/19/security-anti-pattern-path-based-access-control/
Weeber: you must be kidding?
I take it whoever follows that Philosophy is also not using the KDE, GNOME, X.org, Compiz, Mono, Kernel, OOo, GCC, ALSA (the list goes on) technology that Novell is also working on?
There was an article on SELinux in the June 2007 issue of Linux Format magazine (UK but available in B&N and Borders, among other places). It wasn’t very long, but it did go over the basic commands and uses, and even briefly discussed the differences between it and AppArmor. You might try the Library, or see if a friend has the issue.
So went to the Sllug meeting then 🙂
I’ve been looking into this myself, and I find that the only real use for this would be a server architecture. And really, Ubuntu isn’t quite up to par with many heavy server applications. And besides, SE linux is still quite unstable (despite what we were told)
“SE linux is still quite unstable (despite what we were told)”
BS. Fedora from Core 3 and RHEL from 4 have been using it successfully. What the heck do you mean by SELinux being unstable anyway?
SELinux is in the upstream kernel, unlike the flawed AppArmor. To the blog poster, you might be better off using Fedora or RHEL or rebuilds if you want good SELinux support.
Anyone know how to set up SELinux or even get it to run?
@jayson – see this post: http://ubuntu-tutorials.com/2008/03/18/how-to-install-selinux-on-ubuntu-804-hardy-heron/