唉,一言难尽啊大哥,这只是项目中的一个部分,还有好多,主要是TPM可信计算相关的东西,小弟人微言轻,不敢妄言!!回复 18# SeAL80s
回复 21# zhunxun
如果一定要在ubuntu上安装selinux,那么这个你是不是看过?可能会有帮助
h t t p s ://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/
h t t p s://www.howtoinstall.co/en/ubuntu/trusty/selinux-policy-ubuntu
估计你要的是这个
h t t p s://unix.stackexchange.com/questions/245272/enable-selinux-on-boot
回复 21# zhunxun
h t t p s://wiki.ubuntu.com/SELinux
没细心看全,貌似ubuntu下的selinux有问题,缺乏维护,官方推荐debian里的包
How does Ubuntu implements SELinux...?
selinux is not installed or enabled by default. We use apparmor by default. The Ubuntu wiki page for SELinux even claims ...
Warning
The Ubuntu-specific "selinux" and "selinux-policy-ubuntu" packages documented here have not received much attention since Karmic, and appear to be effectively broken in Precise.
If you wish to use SELinux in Ubuntu, the "selinux-basics" and "selinux-policy-default" packages from Debian are still being actively maintained. Documentation relevant to those packages can be found at http://wiki.debian.org/SELinux
but also contains instruction on how to install it:
SELinux in Ubuntu
SELinux can be enabled in Ubuntu by installing the "selinux" meta-package, which will make the needed changes to the system, and install the Tresys policies for Ubuntu:
sudo apt-get install selinux
After installation, you will be prompted to reboot the system to label and activate SELinux.
But it might be smarter to install the debian packages manually...
本帖最后由 SeAL80s 于 2016-05-06 22:29 编辑
h t t p s ://askubuntu.com/questions/481293/selinux-implementation-in-ubuntu
如果访问网页有问题,直接看下面吧
I believe you have to remove apparmor before installing SELinux:
sudo apt-get remove apparmor
According to the SELinux wiki page:
Starting with Hardy Heron SELinux has been integrated into Ubuntu and can be installed via apt.
Install the selinux package:
sudo apt-get install selinux
Change the SELinux mode in /etc/selinux/config (optional):
Enforcing
sudo sed -i 's/SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config
Permissive
sudo sed -i 's/SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
Reboot
During shutdown all of the files on the system will be labeled. This may take some time depending on how many files you have and disk speed.
真是对大哥感激不尽,唯一碰到的提问问题被如此认真回答的,呵呵,您说的这些可以实现的大哥,现在关键在于怎么利用reference policy 定制策略,apt-get install selinux 这样的不带源码,需要从别处获取,可从ubuntu官方获取的,make不过,总有这样那样的问题,我也是无奈了,大哥如果有什么办法,消息洗耳恭听!!:em02: 回复 24# SeAL80s
回复 25# zhunxun
我只能帮你安装的问题,具体开发的,我不搞这个,不太懂的。上面帖子说了,去Debian获取源码或者装Debian的包,都是deb,可能要手工解决依赖。我见帖子说,ubuntu默认用appamor,可能与selinux冲突。不知道是不是导致你安装selinux load出问题。帖子好像也说ubuntu的selinux维护的不好,或者不维护了,Debian的还在良好的维护。如果你已经解决安装问题了,那就忽略掉我说的就可以了。具体怎么找包,我想你也知道了
回复 26# SeAL80s
appamor只是MAC(强制访问控制)的一种实现方式,Ubuntu默认是appamor,Redhat系列自带的是SELinux,Ubuntu也可以使用SELinux。只是不能同时使用appamor和SELinux,两者同时只能选择一个
楼主先把你编译策略的出错信息报上了,现在的SELinux策略主要是Redhat和Tresys这两个公司在维护,你可以从以下两个网站找源码,
https://github.com/TresysTechnology/refpolicy/wiki
http://www.selinuxproject.org/page/Main_Page
感激不尽!!!回复 28# beyondfly
感激不尽!!!回复 26# SeAL80s