Hello, I'm trying to get selinux working on a fresh, gui-free installation of bookworm. I'm not trying to run any servers, nor use standard desktop utilities (yet). I was hoping this setup would be simple enough that selinux would be simple to get going. I'm following [1], which is very straightforward. The problem I'm getting is that it seems woefully incomplete. I cannot even login (com="agetty" is showing up in audit2why). Now, obviously, I could follow the instructions and use audit2allow, and go down the rabbit hole for configuring policies. But, really? No one has fixed the login-at-the-console use case? I'm sure I must be doing something wrong. All I've really done is: apt-get install selinux-basics selinux-policy-default auditd selinux-activate (reboot) (set enforcing=1 in grub) update-grub touch /.autorelabel (reboot) And then I cannot log in. Going back and unsetting enforcing=1 in grub, and I can use audit2why. Does anyone who actually uses selinux have any hints? Best, Antonio [1] https://wiki.debian.org/SELinux/Setup
Attachment:
OpenPGP_0xB01C53D5DED4A4EE.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature