Friday, October 31, 2008

SELinux on Ubuntu LTS: Baby Steps

Silly me, I didn't know SELinux was built into the kernel (or at least available) on Ubuntu LTS, until I saw a kernel message this afternoon, so while waiting for my daughter to fall asleep with her Little Bear video, I decided to give it a shot on my Thinkpad.

Do the apt dance

apt-get install selinux

Or maybe I installed python-selinux, can't remember, but a whole bunch of shit got installed.


Edit GRUB kernel options

I got rid of splash and quiet, always hated those.


ro apparmor.enabled=0 selinux=1 enforcing=0



Use syslog-ng to capture audit events


destination df_selinux { file("/var/log/selinux"); };
filter f_selinux {
    match("audit") or match("restorecond:");
};
log {
    source(s_all);
    filter(f_selinux);
    destination(df_selinux);
};

Then reboot; it is normal for it to relabel the filesystem.

Now to figure out what the hell all this means..

Oct 31 21:03:31 mfranz-t61 restorecond: terminated
Oct 31 21:04:35 mfranz-t61 kernel: [ 15.685858] audit: initializing netlink socket (disabled)
Oct 31 21:04:35 mfranz-t61 kernel: [ 15.685935] audit(1225501446.416:1): initialized
Oct 31 21:04:35 mfranz-t61 kernel: [ 18.857262] audit(1225501456.585:2): policy loaded auid=4294967295
Oct 31 21:04:35 mfranz-t61 kernel: [ 36.373309] audit(1225501474.769:3): avc: denied { mmap_zero } for pid=5224 comm="vbetool" scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:initrc_t tclass=memprotect
Oct 31 21:04:36 mfranz-t61 restorecond: Reset file context /var/run/cups: system_u:object_r:var_run_t->system_u:object_r:cupsd_var_run_t
Oct 31 21:05:27 mfranz-t61 restorecond: Reset file context /etc/resolv.conf: system_u:object_r:etc_runtime_t->system_u:object_r:net_conf_t
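
To pull those lines apart, here is an added example (not part of the original post) that parses the AVC and restorecond entries into their fields: permission, source and target context, object class, and the type change on a relabel. The function names are made up for this sketch, and the sample input is three of the log lines shown above.

```python
import re
from datetime import datetime, timezone

# Three lines copied from the log excerpt in the post (/var/log/selinux).
SAMPLE = """\
Oct 31 21:04:35 mfranz-t61 kernel: [ 18.857262] audit(1225501456.585:2): policy loaded auid=4294967295
Oct 31 21:04:35 mfranz-t61 kernel: [ 36.373309] audit(1225501474.769:3): avc: denied { mmap_zero } for pid=5224 comm="vbetool" scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:initrc_t tclass=memprotect
Oct 31 21:04:36 mfranz-t61 restorecond: Reset file context /var/run/cups: system_u:object_r:var_run_t->system_u:object_r:cupsd_var_run_t
"""

# audit(<epoch>:<serial>): avc: denied|granted { perms } for key=value ...
AVC_RE = re.compile(
    r"audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\): avc:\s+(?P<result>denied|granted)"
    r"\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Paths containing spaces are not handled by this pattern.
RELABEL_RE = re.compile(
    r"restorecond: Reset file context (?P<path>\S+): (?P<old>\S+)->(?P<new>\S+)$")

def parse_context(ctx):
    """Split user:role:type[:mls-level] into its parts."""
    user, role, type_, *level = ctx.split(":")
    return {"user": user, "role": role, "type": type_, "level": ":".join(level) or None}

def parse_line(line):
    """Return a dict for an AVC or restorecond relabel line, else None."""
    m = AVC_RE.search(line)
    if m:
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m["fields"])}
        return {
            "kind": "avc", "result": m["result"], "serial": int(m["serial"]),
            "time": datetime.fromtimestamp(float(m["epoch"]), tz=timezone.utc),
            "perms": m["perms"].split(),                  # what was attempted
            "source": parse_context(fields.pop("scontext")),  # who tried
            "target": parse_context(fields.pop("tcontext")),  # on what
            "tclass": fields.pop("tclass"),               # kind of object
            "extra": fields,                              # pid, comm, ...
        }
    m = RELABEL_RE.search(line)
    if m:
        return {"kind": "relabel", "path": m["path"],
                "old_type": parse_context(m["old"])["type"],
                "new_type": parse_context(m["new"])["type"]}
    return None

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

if __name__ == "__main__":
    for event in parse_log(SAMPLE):
        print(event)
```

With enforcing=0 on the kernel command line, a "denied" entry like the vbetool one is only logged; the access itself still goes through.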
