I need a SELinux noob how to

Chat about Linux in general
Post Reply
niubboxp
Level 3
Level 3
Posts: 143
Joined: Mon Aug 31, 2015 2:00 am

I need a SELinux noob how to

Post by niubboxp » Tue May 23, 2017 3:05 pm

there are months i try to understand how SELinux works, but everytime i try to learn it i found alot of material i dont understand and this will scare me all the time, but i think the problem is not only me (at least i hope it), so now i decided this time to try looking for help there

i'm running debian stretch, could anyone help me to install and teach me how to manage it in a proper way with installed program and how to manage new programs installations, there is a kind of profile per apps, as firejail have, or how can i manage it?

thanks in advance
Linux Mint 18 64bit Cinnamon

User avatar
xenopeek
Level 24
Level 24
Posts: 24059
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: I need a SELinux noob how to

Post by xenopeek » Tue May 23, 2017 4:10 pm

There is no comparing Firejail to SELinux. Firejail is useful for levering standard kernel security features to better isolate your system from bugs (vulnerabilities) in user programs. Its profiles are human readable and simple. SELinux takes it to a whole new level by providing a separate security mechanism and is most useful to harden servers. In general you do not need to write SELinux policies; these will be provided by your distro.

To make the most of SELinux it is probably easiest to use a distro that enables SELinux by default. I.e., RHEL, CentOS, Fedora or any of their derivatives. See each project's documentation:
https://access.redhat.com/documentation ... ors_Guide/
https://wiki.centos.org/HowTos/SELinux
https://fedoraproject.org/wiki/SELinux

If you're running a server I'd go with CentOS. For desktop go with Fedora.

Gentoo also have a good documentation on SELinux but unlike the others above is quite different from Debian as you compile all software from source. See its documentation here: https://wiki.gentoo.org/wiki/SELinux

And there is no getting around it, if you want to write your own SELinux policies there are no shortcuts :)
Image

niubboxp
Level 3
Level 3
Posts: 143
Joined: Mon Aug 31, 2015 2:00 am

Re: I need a SELinux noob how to

Post by niubboxp » Wed May 24, 2017 2:04 am

so with debian is not possible to install SELinux (or apparmor if is easyest) without configure everything from 0? :(

Edit
Im doing some research about apparmor and it seems have profiles like firejail, there is any chance to install it, put every profile in enforcing (i found a guide for this) without broke my system?
Linux Mint 18 64bit Cinnamon

Post Reply

Return to “Chat about Linux”