

SELinux implementation in Ubuntu


Question

How does Ubuntu implement SELinux…? Which packages (modules) are involved in implementing SELinux on Ubuntu?

Best answer

How does Ubuntu implement SELinux…?

SELinux is not installed or enabled by default. We use AppArmor by default. The Ubuntu wiki page for SELinux even claims…

Warning

The Ubuntu-specific “selinux” and “selinux-policy-ubuntu” packages documented here have not received much attention since Karmic, and appear to be effectively broken in Precise.

If you wish to use SELinux in Ubuntu, the “selinux-basics” and “selinux-policy-default” packages from Debian are still being actively maintained. Documentation relevant to those packages can be found at http://wiki.debian.org/SELinux

But it also contains instructions on how to install it:

SELinux in Ubuntu

SELinux can be enabled in Ubuntu by installing the “selinux” meta-package, which will make the needed changes to the system, and install the Tresys policies for Ubuntu:

sudo apt-get install selinux

After installation, you will be prompted to reboot the system to label and activate SELinux.

But it is probably smarter to install the Debian packages manually…

What are the packages (modules) involved?

Second-best answer

I believe you have to remove AppArmor before installing SELinux:

sudo apt-get remove apparmor

According to the SELinux wiki page:

Starting with Hardy Heron SELinux has been integrated into Ubuntu and can be installed via apt.

Install the selinux package:

sudo apt-get install selinux

Change the SELinux mode in /etc/selinux/config (optional):

  • Enforcing

    sudo sed -i 's/SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config

  • Permissive

    sudo sed -i 's/SELINUX=.*/SELINUX=permissive/' /etc/selinux/config

Reboot

During shutdown all of the files on the system will be labeled. This may take some time depending on how many files you have and disk speed.

Searching with apt-cache search finds these packages:

postgresql-contrib-9.4 - additional facilities for PostgreSQL
ruby-selinux - Ruby bindings to SELinux shared libraries
checkpolicy - SELinux policy compiler
debian-handbook - reference book for Debian users and system administrators
joe-jupp - reimplement the joe Debian package using jupp
jupp - user friendly full screen text editor
libseaudit-dev - Security Enhanced Linux audit message parser development
libseaudit4 - Security Enhanced Linux audit message parsing library
libsefs-dev - Security Enhanced Linux file context management development
libsefs4 - Security Enhanced Linux file context management
libsetools-java - SETools Java bindings (architecture-independent)
libsetools-tcl - SETools Tcl bindings
libtomoyotools3 - lightweight Linux Mandatory Access Control system - library
policycoreutils - SELinux core policy utilities
python-selinux - Python bindings to SELinux shared libraries
python-semanage - Python bindings for SELinux policy management
python-sepolgen - Python module used in SELinux policy generation
python-sepolicy - Python binding for SELinux Policy Analyses
python-setools - SETools Python bindings
ruby-semanage - Ruby bindings to for SELinux policy management
selinux - Security-Enhanced Linux runtime support
selinux-basics - SELinux basic support
selinux-policy-default - Strict and Targeted variants of the SELinux policy
selinux-policy-dev - Headers from the SELinux reference policy for building modules
selinux-policy-doc - Documentation for the SELinux reference policy
selinux-policy-dummy - Empty Security-Enhanced Linux policy (dummy package)
selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
selinux-policy-src - Source of the SELinux reference policy for customization
selinux-policy-ubuntu - Security-Enhanced Linux Reference Policy
selinux-policy-ubuntu-dev - Security-Enhanced Linux Reference Policy Development Headers
selinux-policy-ubuntu-doc - Security-Enhanced Linux Reference Policy Documentation
selinux-utils - SELinux utility programs
setools - tools for Security Enhanced Linux policy analysis
setools-gui - GUI tools for Security Enhanced Linux policy analysis
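
The mode change in /etc/selinux/config described in the answer above, as an added example that is not part of the original answers or the Ubuntu wiki: it edits a constructed sample file rather than the live config, anchors the pattern with ^ so only the active setting line changes, and re-reads the file to confirm the result. The function names, the sample file contents and the SELINUXTYPE=default value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Works on a constructed sample file, not the live config.

# Write a constructed sample in the /etc/selinux/config format to file $1.
make_sample_config() {
    cat > "$1" <<'EOF'
# Constructed sample, not taken from a real system.
# SELINUX= can take one of these three values: enforcing, permissive, disabled
SELINUX=permissive
SELINUXTYPE=default
EOF
}

# Print the value of the active (uncommented) SELINUX= line in file $1.
# Returns non-zero when the file has no such line.
selinux_config_mode() {
    mode=$(sed -n 's/^SELINUX=\([a-z]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ -n "$mode" ] && printf '%s\n' "$mode"
}

# Set SELINUX= to $2 in file $1, then re-read the file to confirm the change.
# The ^ anchor leaves comment lines that mention "SELINUX=" and the
# SELINUXTYPE= line untouched.
set_selinux_mode() {
    case "$2" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid mode: $2" >&2; return 2 ;;
    esac
    grep -q '^SELINUX=' "$1" || { echo "no SELINUX= line in $1" >&2; return 1; }
    tmp=$(mktemp) || return 1
    sed "s/^SELINUX=.*/SELINUX=$2/" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && [ "$(selinux_config_mode "$1")" = "$2" ]
}

# Demonstration on a temporary copy.
demo() {
    cfg=$(mktemp) || return 1
    make_sample_config "$cfg"
    echo "before: $(selinux_config_mode "$cfg")"
    set_selinux_mode "$cfg" enforcing && echo "after:  $(selinux_config_mode "$cfg")"
    rm -f "$cfg"
}
demo
```

Starting in permissive mode and reviewing the logged denials before switching to enforcing avoids locking yourself out with a policy that does not fit the system.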

References

This article was compiled by Ubuntu问答; post URL: https://ubuntuqa.com/article/13673.html. Do not reproduce without permission.