Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#757421: selinux-basics: selinux-activate doesn't install kernel args on extlinux
7 views
Skip to first unread message
Daniel Black
Aug 7, 2014, 7:40:02 PM8/7/14
to
Package: selinux-basics
Version: 0.5.2
Severity: wishlist
Dear Maintainer,
* What led up to the situation?
I started a freedombox using freedombox maker which uses vmdebootstrap to create and image. The VM has extlinux as the bootloader.
I followed the selinux steps on wiki.debian.org/SELinux/Setup.
After rebooting no selinux was enabled.
* What exactly did you do (or not do) that was effective (or
ineffective)?
I discovered that the /extlinux.conf boot line didn't contain the selinux kernel arguements like /etc/default/grub.conf.
* What was the outcome of this action?
Adding these made selinux work.
* What outcome did you expect instead?
Selinux enabled.
/extlinux.conf:
default linux
timeout 1
label linux
kernel boot/vmlinuz-3.14-2-486
append initrd=boot/initrd.img-3.14-2-486 root=UUID=5cb2f0d4-21b6-43b2-9f0b-ef908696a4ac ro selinux=1 security=selinux
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.14-2-486
Locale: LANG=, LC_CTYPE= (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages selinux-basics depends on:
ii checkpolicy 2.3-1
ii policycoreutils 2.3-1
pn python:any <none>
ii selinux-utils 2.3-1
Versions of packages selinux-basics recommends:
ii selinux-policy-default 2:2.20140421-4
ii setools 3.3.8-3
Versions of packages selinux-basics suggests:
pn logcheck <none>
pn syslog-summary <none>
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Version: 0.5.2
Severity: wishlist
Dear Maintainer,
* What led up to the situation?
I started a freedombox using freedombox maker which uses vmdebootstrap to create and image. The VM has extlinux as the bootloader.
I followed the selinux steps on wiki.debian.org/SELinux/Setup.
After rebooting no selinux was enabled.
* What exactly did you do (or not do) that was effective (or
ineffective)?
I discovered that the /extlinux.conf boot line didn't contain the selinux kernel arguements like /etc/default/grub.conf.
* What was the outcome of this action?
Adding these made selinux work.
* What outcome did you expect instead?
Selinux enabled.
/extlinux.conf:
default linux
timeout 1
label linux
kernel boot/vmlinuz-3.14-2-486
append initrd=boot/initrd.img-3.14-2-486 root=UUID=5cb2f0d4-21b6-43b2-9f0b-ef908696a4ac ro selinux=1 security=selinux
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.14-2-486
Locale: LANG=, LC_CTYPE= (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages selinux-basics depends on:
ii checkpolicy 2.3-1
ii policycoreutils 2.3-1
pn python:any <none>
ii selinux-utils 2.3-1
Versions of packages selinux-basics recommends:
ii selinux-policy-default 2:2.20140421-4
ii setools 3.3.8-3
Versions of packages selinux-basics suggests:
pn logcheck <none>
pn syslog-summary <none>
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
undef
Aug 26, 2023, 12:20:04 AM8/26/23
to
I've just tested this on Mobian Sid on PinePhone. Selinux still doesn't
seem to be configured by default with `selinux-basics` and
`selinux-policy-default` installed.
Placing the below file in /usr/share/u-boot-menu/conf.d/zz-selinux.conf
resolves the problem. Note the `zz-` prefix or one like it is mandatory
as this must be processed after the Mobian config which will always
overwrite the `U_BOOT_PARAMETERS` variable.
```
U_BOOT_PARAMETERS="${U_BOOT_PARAMETERS} selinux=1 security=selinux"
```
Thanks.
seem to be configured by default with `selinux-basics` and
`selinux-policy-default` installed.
Placing the below file in /usr/share/u-boot-menu/conf.d/zz-selinux.conf
resolves the problem. Note the `zz-` prefix or one like it is mandatory
as this must be processed after the Mobian config which will always
overwrite the `U_BOOT_PARAMETERS` variable.
```
U_BOOT_PARAMETERS="${U_BOOT_PARAMETERS} selinux=1 security=selinux"
```
Thanks.
Russell Coker
Aug 28, 2023, 8:50:05 AM8/28/23
to
On Saturday, 26 August 2023 14:05:18 AEST undef wrote:
> I've just tested this on Mobian Sid on PinePhone. Selinux still doesn't
> seem to be configured by default with `selinux-basics` and
> `selinux-policy-default` installed.
We discussed this on Matrix and his problem was that he didn't run "selinux-
> I've just tested this on Mobian Sid on PinePhone. Selinux still doesn't
> seem to be configured by default with `selinux-basics` and
> `selinux-policy-default` installed.
activate".
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
0 new messages