[DSE-User] SELinux on Wheezy

Arno Schuring aelschuring at hotmail.com
Wed Feb 8 22:00:21 UTC 2012


Hi Russell,

Russell Coker (russell at coker.com.au on 2012-02-08 12:17 +1100):
> On Wed, 8 Feb 2012, Arno Schuring <aelschuring at hotmail.com> wrote:
> > Over the past few weeks I have been trying to get SELinux in a
> > workable state for me. That endeavour started out as wanting to try
> > selinux on Squeeze, but after determining that making it work would
> > be nontrivial, I decided to focus on the policy in testing instead.
> 
> If you used Postfix instead of Exim then things would have been a lot
> easier.

No doubt that was part of the reason. But when choosing which new tool
to learn, selinux was more appealing than postfix...

> > 
> > Finally, some random observations:
> > - newer kernels want security=selinux, not selinux=1
> 
> http://etbe.coker.com.au/2012/01/25/se-linux-status-2012-01/

Ah thanks. I do follow your posts through planet.d.o, but I had missed
this one.


> [..] I plan to get a Play
> Machine running Unstable in the near future and will resolve such
> issues then.

The first issue you'll probably run into is that /run/lock can't be
mounted because mountkernfs does a restorecon between mkdir and mount.
It's buried somewhere in #656155...


> run_init isn't (or at least shouldn't be) needed on targeted systems
> so a patch probably isn't a good idea.  If you run in strict mode
> then you just need to know to use run_init.

Yes, that's my issue. Having to remember which incantation to use when
working on which system is an exercise I can do without :)


Regards,
Arno


