For months I have been trying to understand how SELinux works, but every time I try to learn it I find a lot of material I don't understand, and this scares me every time. I think the problem is not only me (at least I hope so), so this time I decided to try looking for help here.
I'm running Debian stretch. Could anyone help me install it and teach me how to manage it properly with installed programs, and how to manage new program installations? Is there a kind of profile per app, as Firejail has, or how can I manage it?
Thanks in advance.
I need a SELinux noob how to
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: I need a SELinux noob how to
There is no comparing Firejail to SELinux. Firejail is useful for leveraging standard kernel security features to better isolate your system from bugs (vulnerabilities) in user programs. Its profiles are human readable and simple. SELinux takes it to a whole new level by providing a separate security mechanism and is most useful to harden servers. In general you do not need to write SELinux policies; these will be provided by your distro.
To make the most of SELinux it is probably easiest to use a distro that enables SELinux by default. I.e., RHEL, CentOS, Fedora or any of their derivatives. See each project's documentation:
https://access.redhat.com/documentation ... ors_Guide/
https://wiki.centos.org/HowTos/SELinux
https://fedoraproject.org/wiki/SELinux
If you're running a server I'd go with CentOS. For desktop go with Fedora.
Gentoo also has good documentation on SELinux, but unlike the others above it is quite different from Debian, as you compile all software from source. See its documentation here: https://wiki.gentoo.org/wiki/SELinux
And there is no getting around it: if you want to write your own SELinux policies, there are no shortcuts.
Re: I need a SELinux noob how to
So with Debian it is not possible to install SELinux (or AppArmor, if it is easier) without configuring everything from zero?
Edit
I'm doing some research about AppArmor and it seems to have profiles like Firejail. Is there any chance to install it and put every profile in enforcing (I found a guide for this) without breaking my system?