SELinux demands constant relabeling
I have installed SELinux on Ubuntu 18.04.1 LTS via
# apt install selinux
After the mandatory reboot, SELinux was constantly disabled until I added
SELinux = 1 to /etc/default/grub
and executed
sudo update-grub
upon which SELinux seems to be working correctly.
sestatus reports back with
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: default
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: requested (insecure)
Max kernel policy version: 31
However, executing
# sudo systemctl status selinux
yields
Nov 21 14:38:51 ubuntu-selinux systemd[1]: Started LSB: Relabel the filesystem before reboot.
even though I have relabeled the filesystem by adding touch /.autorelabel and also executing sudo fixfiles relabel and rebooting the system afterwards.
Additional information that may be relevant
- AppArmor was successfully removed
- filesystem is ext4
- This is a fresh install, so nothing else was tinkered with.
My question(s): Why did I have to add the kernel parameter manually and why is SELinux prompting me for another relabel on every boot?
ubuntu selinux
Ubuntu does not fully support SELinux policy, so you have to write your own. If you want SELinux, use Fedora / RHEL / CentOS.
– Panther
Nov 21 at 15:51
edited 14 hours ago by Bigon
asked Nov 21 at 15:45 by Fang
1 Answer
Don't install the selinux package; install selinux-basic instead.
The selinux package is Ubuntu-specific, really old, and does not work well with systemd.
To be honest, I thought it had already been removed from the Ubuntu archive a while ago.
answered 16 hours ago
Bigon
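An added example, not part of the original posts: a small shell triage for the three things the question reports (the kernel command line, the sestatus output, and the /.autorelabel flag file). The function names and the sample input are constructed, and it assumes the boot parameter appears on the kernel command line as selinux=1.

```shell
#!/bin/sh
# Added example: offline triage of the state described in the question.
# Function names are hypothetical; sample input is constructed.

# True if the kernel command line carries selinux=1 as a whole token.
cmdline_has_selinux() {
    case " $1 " in
        *" selinux=1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the value of one "Key: value" row of sestatus output read on stdin.
sestatus_field() {
    awk -F': *' -v key="$1" '$1 == key { print $2; exit }'
}

# True if the relabel flag file exists under the given root directory.
relabel_pending() {
    [ -e "${1%/}/.autorelabel" ]
}

# triage CMDLINE SESTATUS_TEXT ROOT -> prints one finding per line.
triage() {
    cmdline_has_selinux "$1" || echo "kernel command line lacks selinux=1"
    status=$(printf '%s\n' "$2" | sestatus_field "SELinux status")
    mode=$(printf '%s\n' "$2" | sestatus_field "Current mode")
    [ "$status" = "enabled" ] || echo "SELinux status is '${status:-unknown}'"
    [ "$mode" = "enforcing" ] ||
        echo "mode is '${mode:-unknown}': denials are logged, not enforced"
    if relabel_pending "$3"; then echo "relabel flag file still present"; fi
    return 0
}

# Constructed sample modelled on the sestatus output in the question.
SAMPLE_SESTATUS='SELinux status:                 enabled
Current mode:                   permissive
Mode from config file:          permissive'

# On a live system (assumes sestatus is installed):
#   triage "$(cat /proc/cmdline)" "$(sestatus)" /
```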