6

I'm trying to set up SELinux on Debian 6 according to (the instructions reported on the Debian wiki).

I've run this commands:

apt-get install selinux-basics selinux-policy-default 
selinux-activate

After reboot, the system should have taken a while to label the filesystems on boot and then rebooted a second time when that was complete. However, neither labeling nor rebooting occurred.

The command:

check-selinux-installation

returns:

/usr/sbin/check-selinux-installation:19: DeprecationWarning: os.popen3 is deprecated.  Use the subprocess module.
  @staticmethod
/usr/sbin/check-selinux-installation:23: DeprecationWarning: os.popen2 is deprecated.  Use the subprocess module.
  def fix():
getfilecon:  getfilecon(/proc/1) failed
SELinux is not enabled.
Could not read the domain of PID 1.
/etc/pam.d/login is not SELinux enabled
FSCKFIX is not enabled - not serious, but could prevent system from booting...

This is strange because the kernel is SELinux-enabled, and the grub.cfg does contain the selinux=1 option.

Any suggestion?

Improve this question
1
  • 1
    I've just uploaded selinux-basics 0.5.1 to Debian experimental. Could you please try with that version. But anyway, you could use sestatus to check the status of selinux on your system. Commented Dec 15, 2012 at 13:32

3 Answers 3

Reset to default
5

Check sestatus if it returns enabled then it's working fine.

Also enter the command

grep FSC /etc/default/rcS

If it returns #FSCKFIX=no then use gedit or any other editing tool to edit the rcS file uncomment the line and set it to yes (like this FSCKFIX=yes) then save and exit gedit. After editing the file re-enter the command grep FSC /etc/default/rcS should return FSCKFIX=yes

if the command check-selinux-installation returns just

/etc/pam.d/login is not SELinux enabled

then it's fine and the above return is a false positive. For editing grub.cfg and checking the audit; follow the steps given by Debian Wiki for SELinux Setup. Use linux with enhanced security ~ SELinux.

Improve this answer
1

I know it's pretty late now, almost 9 years. But I did faced this error and the easiest solution I came up with is to update your OS version, I had Ubuntu 18.04 which installed selinux-basics version 0.5.6, as this issue was caused in version 0.5.6 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860522 due to use of systemd. This bug was solved just an year ago https://salsa.debian.org/selinux-team/selinux-basics/-/commit/5355b76eb6b3f100f93c7acb6121e72814c1e3d7 and must have been patched in version 0.5.7 as Ubuntu 20.04 installs this version.

Well I am not sure what caused the problem 9 years ago but based on the current situation I would recommend upgrading the OS version to at-least 20.04 if using Ubuntu.

Well if it helps do let me know. Good Luck!

Improve this answer
0

apt-get install auditd, you may lack this package.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.