8

I've installed SELinux in Debian sid in order to use the sandbox that locks down apps to a restricted environment, but I can't get it to work. If I try to use the sandbox command in permissive mode without any options, like sandbox nano, I get the following error:

/usr/bin/sandbox: [Errno 22] Invalid argument

And if I try to run it with options for temporary home and tmp dirs, with or without the -X option, another error message pops up:

Could not set exec context to unconfined_u:unconfined_r:sandbox_x_t:s0:c236,c539.
Failed to remove directory /tmp/.sandbox-root-vfZJIt: No such file or directory

I have tried using the sandbox app in enforced mode, but it complains about missing type enforcement rules. I don't think that's the issue though. Does anyone know how to fix this?

Improve this question
1
  • 1
    It seems that the sandbox policy module isn't loaded. If I run semodule -l the sandbox module doesn't show up. Does anyone know how to load the sandbox policy module in Debian? Commented May 2, 2012 at 3:31

1 Answer 1

Reset to default
1

Unfortunately, SELinux support in Debian is far from complete, with some major gaps. It appears the required policy module for this particular functionality just isn't available:

wouter@gangtai:~$ apt-cache show policycoreutils-sandbox
Package: policycoreutils-sandbox
Source: policycoreutils
Version: 2.4-4

[...]

Description-en: SELinux core policy utilities (graphical sandboxes)

[...]

 This package requires an additional custom policy that is not present in
 Debian.

you'll have to find it elsewhere.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.