sudo apt-get update
sudo apt-get install selinux-basics selinux-policy-default auditd
Hello,
I'm trying to get selinux working on a fresh, gui-free installation of
bookworm. I'm not trying to run any servers, nor use standard desktop
utilities (yet). I was hoping this setup would be simple enough that
selinux would be simple to get going.
I'm following [1], which is very straightforward. The problem I'm
getting is that it seems woefully incomplete.
I cannot even login (com="agetty" is showing up in audit2why). Now,
obviously, I could follow the instructions and use audit2allow, and go
down the rabbit hole for configuring policies. But, really? No one
has fixed the login-at-the-console use case? I'm sure I must be doing
something wrong. All I've really done is:
apt-get install selinux-basics selinux-policy-default auditd
selinux-activate
(reboot)
(set enforcing=1 in grub)
update-grub
touch /.autorelabel
(reboot)
And then I cannot log in. Going back and unsetting enforcing=1 in grub,
and I can use audit2why. Does anyone who actually uses selinux have any
hints?
Best,
Antonio
[1] https://wiki.debian.org/SELinux/Setup