SE Linux not enabled

Bug #434084 reported by Lars Noodén on 2009-09-21
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
refpolicy-ubuntu (Ubuntu)
Medium
Caleb Case
Karmic
Medium
Caleb Case

Bug Description

This is on Karmic Koala for i386.
After installing selinux and selinux-policy-ubuntu (and rebooting), SE Linux is not enabled.
Having SE Linux enabled manually should be possible, but it is not:

# setenforce 1
setenforce: SELinux is disabled

# /usr/bin/newrole
Sorry, newrole may be used only on a SELinux kernel.

# apt-cache policy selinux
selinux:
  Installed: 1:0.5
  Candidate: 1:0.5
  Version table:
 *** 1:0.5 0
        500 http://fi.archive.ubuntu.com karmic/universe Packages
        100 /var/lib/dpkg/status

Lars Noodén (larsnooden) wrote :

# lsb_release -rd
Description: Ubuntu karmic (development branch)
Release: 9.10

visibility: private → public
Jamie Strandboge (jdstrand) wrote :

Did you adjust your kernel parameters to have something like:
security=selinux selinux=1 enforcing=0

The 'security=selinux' part is new in 9.10.

Changed in refpolicy-ubuntu (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: New → Incomplete
Lars Noodén (larsnooden) wrote :

Grub2 is installed. I've tried changing /etc/boot/grub.cfg manually, but it seems to be ignored by it on startup.

The settings set by default (or by running update-grub2 ) are these:

menuentry "Ubuntu, Linux 2.6.31-10-generic" {
        set quiet=1
        insmod ext2
        set root=(hd0,1)
        search --no-floppy --fs-uuid --set 18294173-0b20-4f40-9830-ee1fc4f828aa
        linux /boot/vmlinuz-2.6.31-10-generic root=UUID=18294173-0b20-4f40-9830-ee1fc4f828aa ro quiet splash security=selinux selinux=1
        initrd /boot/initrd.img-2.6.31-10-generic

$ apt-cache policy grub2
grub2:
  Installed: (none)
  Candidate: 1.97~beta3-1ubuntu5
  Version table:
     1.97~beta3-1ubuntu5 0
        500 http://fi.archive.ubuntu.com karmic/universe Packages

Changed in refpolicy-ubuntu (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
status: Incomplete → New
Changed in refpolicy-ubuntu (Ubuntu):
status: New → Confirmed
milestone: none → ubuntu-9.10
importance: Undecided → Medium
Kees Cook (kees) on 2009-10-09
Changed in refpolicy-ubuntu (Ubuntu Karmic):
assignee: nobody → Caleb Case (calebcase)
status: Confirmed → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package refpolicy-ubuntu - 0.2.20090730-0ubuntu1

---------------
refpolicy-ubuntu (0.2.20090730-0ubuntu1) karmic; urgency=low

  * Updated to upstream release 2.20090730
  * Handle Upstart direct execution of daemons.
  * Pre-depend on selinux to ensure that the trigger is handled (LP: #434084).

 -- Caleb Case <email address hidden> Mon, 19 Oct 2009 01:48:39 -0400

Changed in refpolicy-ubuntu (Ubuntu Karmic):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers