Currently Debian/Lenny contains all packages needed to run SE Linux apart from the policy. The policy package is missing because it needs to sit in unstable for a while before migrating to testing (Lenny), and I keep fixing bugs and uploading new versions.
I have set up my own APT repository for SE Linux packages (as I did for Etch [1]). The difference is that it’s working now (for i386 and AMD64) while I released my Etch repository some time after the release of Etch.
gpg --keyserver hkp://subkeys.pgp.net --recv-key F5C75256
gpg -a --export F5C75256 | apt-key add –
To enable the use of my repository you must first run the above two commands to retrieve and install my GPG key (take appropriate measures to verify that you have the correct key).
deb http://www.coker.com.au lenny selinux
Then add the above line to /etc/apt/sources.list and run “apt-get update” to download the list of packages.
Next run the command “apt-get install selinux-policy-default selinux-basics” to install all the necessary packages and then “touch /.autorelabel” to cause the filesystems to be labeled on the next boot. Edit the file /boot/grub/menu.lst and add “selinux=1” to the end of the line which starts with “# kopt=” and then run the command update-grub to apply this change.
Then reboot and the filesystems will be relabeled. Init will be running in the wrong context so you have to reboot again before everything is running correctly (I am thinking of having the autorelabel process automatically do the second reboot).
For future reference please use the page on my documents blog – I will update it regularly as needed [2]. This post will not be changed when it becomes outdated in a few days.
I’m using Sid and Grub2. I installed selinux-policy-default from the official Sid repository yesterday. Do I need to add anything to my /boot/grub/grub.cnf or /etc/grub.d/ files?
k3ninho: All the packages are in unstable, but as we are in a freeze now if you want to end up with lenny then you should switch to using the name “lenny” in your sources.list file now.
I’m not sure what can be done with /etc/grub.d (I would appreciate advice on this issue). Changing your menu.lst as described above is necessary in unstable.
The grub2 (using grub-pc) packages have a base set of files in /etc/grub.d which provide the script that becomes /boot/grub/grub.cfg. I’ll look and see if there are default kernel options which need ‘selinux=1’ added (or if already there).
I’m using Unstable because I don’t mind my computer being temperamental, buggy and needing to have bugs reported — it’s what I can do atm to help.
K3n.
k3ninho: Thanks for that.
Incidentally it might be that at this moment testing lenny could be at least as useful as testing unstable…
for grub2 you have to edit /etc/default/grub to include the option as something like:
GRUB_CMDLINE_LINUX=”… selinux=1″