View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions SElinux for debian
Log in to Ask a Question

SElinux for debian

general

Anybody knows how to enable SElinux in default linode kernel for debian

3 Replies

Short answer: you don't, because SELinux is a compile-time option and is disabled by default in Linode kernels (for compatibility with non-SELinux userlands).

This will let you run Debian's own SELinux kernel:

http://library.linode.com/linode-platfo … grub-howto">http://library.linode.com/linode-platform/custom-instances/pv-grub-howto

Hoopycat.

I just followed instructions at http://library.linode.com/linode-platfo … grub-howto">http://library.linode.com/linode-platform/custom-instances/pv-grub-howto and followed instructions http://wiki.debian.org/SELinux/Setup here, I was getting some avc error messages in syslog which i have handled using audit2allow.

in the linode instructions it said do

apt-get install linux-image-xen-686 ,

and in the new linode profile it says (pv-grub-x86_32) .

Is (pv-grub-x86_32 something that will be updated by linode? I am a bit unsure about updating the kernel in general especially in the context of linode considering we have to follow special instructions as above in the first place. EDIT>> reading again it seems that upgrades would be down to me. If I did an upgrade would that break the selinux settings?

Also , Everything seems to work fine at the moment but I could anticipate something going wrong later on judging by some discussions of selinux I have seen. if that were the case then if I booted into the original profile kernel would I lose any configuration settings?

@marcl:

Is (pv-grub-x86_32 something that will be updated by linode?

Yes, but all pv-grub does is boot a kernel that is located within your disk image. It's analogous to the BIOS on your computer. It probably won't be updated unless it absolutely has to be, since it works and has few security implications.

> I am a bit unsure about updating the kernel in general especially in the context of linode considering we have to follow special instructions as above in the first place. EDIT>> reading again it seems that upgrades would be down to me. If I did an upgrade would that break the selinux settings?

It's up to you to keep the kernel updated, and any time something changes, there's the potential for something to break.

However, since you've chosen to let Debian handle that, so updates will be provided with your usual APT upgrades, and they probably won't break things. Delegating the responsibility isn't a bad idea here.

> Also , Everything seems to work fine at the moment but I could anticipate something going wrong later on judging by some discussions of selinux I have seen. if that were the case then if I booted into the original profile kernel would I lose any configuration settings?

I'm not too familiar with SELinux, but I'd suspect the userland parts of it will fail gracefully when they realize the kernel doesn't support SELinux. Worth a test, I suppose.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct