在阅读了大量文章后,我听说 SELinux 是加强安全性的好方法。所以我决定安装 SELinux,并使用以下命令:
pranav@inspiron-5548:~$ sudo apt-get install selinux
[sudo] password for pranav:
Sorry, try again.
[sudo] password for pranav:
Sorry, try again.
[sudo] password for pranav:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
policycoreutils selinux-policy-dummy
selinux-utils
The following packages will be REMOVED:
apparmor gnome-software-plugin-snap snapd
The following NEW packages will be installed:
policycoreutils selinux selinux-policy-dummy
selinux-utils
0 upgraded, 4 newly installed, 3 to remove and 0 not upgraded.
Need to get 544 kB of archives.
After this operation, 65.1 MB disk space will be freed.
Do you want to continue? [Y/n] y
Get:1 http://archive.ubuntu.com/ubuntu cosmic/universe amd64 selinux-utils amd64 2.8-1build1 [81.9 kB]
Get:2 http://archive.ubuntu.com/ubuntu cosmic/universe amd64 policycoreutils amd64 2.8-1 [450 kB]
Get:3 http://archive.ubuntu.com/ubuntu cosmic/universe amd64 selinux all 1:0.11 [11.2 kB]
Get:4 http://archive.ubuntu.com/ubuntu cosmic/universe amd64 selinux-policy-dummy all 0.1 [1,730 B]
Fetched 544 kB in 3s (211 kB/s)
Preconfiguring packages ...
(Reading database ... 193413 files and directories currently installed.)
Removing gnome-software-plugin-snap (3.30.2-0ubuntu8) ...
Removing snapd (2.37.1+18.10) ...
Removing apparmor (2.12-4ubuntu8) ...
Selecting previously unselected package selinux-utils.
(Reading database ... 193322 files and directories currently installed.)
Preparing to unpack .../selinux-utils_2.8-1build1_amd64.deb ...
Unpacking selinux-utils (2.8-1build1) ...
Selecting previously unselected package policycoreutils.
Preparing to unpack .../policycoreutils_2.8-1_amd64.deb ...
Unpacking policycoreutils (2.8-1) ...
Selecting previously unselected package selinux.
Preparing to unpack .../selinux_1%3a0.11_all.deb ...
Unpacking selinux (1:0.11) ...
Selecting previously unselected package selinux-policy-dummy.
Preparing to unpack .../selinux-policy-dummy_0.1_all.deb ...
Unpacking selinux-policy-dummy (0.1) ...
Processing triggers for mime-support (3.60ubuntu1) ...
Processing triggers for desktop-file-utils (0.23-3ubuntu3) ...
Setting up selinux-utils (2.8-1build1) ...
Processing triggers for bamfdaemon (0.5.3+18.04.20180207.2-0ubuntu1) ...
Rebuilding /usr/share/applications/bamf-2.index...
Setting up selinux-policy-dummy (0.1) ...
Processing triggers for systemd (239-7ubuntu10.8) ...
Processing triggers for man-db (2.8.4-2) ...
Processing triggers for gnome-menus (3.13.3-11ubuntu2) ...
Setting up policycoreutils (2.8-1) ...
selinux-autorelabel-mark.service is a disabled or a static unit, not starting it.
Setting up selinux (1:0.11) ...
Sourcing file `/etc/default/grub'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.18.0-16-generic
Found initrd image: /boot/initrd.img-4.18.0-16-generic
Found linux image: /boot/vmlinuz-4.18.0-15-generic
Found initrd image: /boot/initrd.img-4.18.0-15-generic
Found Windows Boot Manager on /dev/sda2@/EFI/Microsoft/Boot/bootmgfw.efi
Adding boot menu entry for EFI firmware configuration
done
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
Processing triggers for systemd (239-7ubuntu10.8) ...
Processing triggers for initramfs-tools (0.131ubuntu15.1) ...
update-initramfs: Generating /boot/initrd.img-4.18.0-16-generic
然后重启电脑。出现以下图像:
首先出现的东西
第二张图片
请注意,该机器是 Windows 10 双启动的。
添加 grub 菜单后selinux=0,我就能重新运行我的电脑了。
我在这里遗漏了什么?我该怎么办?我应该卸载 SELinux 还是管理它以使其正常工作?
答案1
SELinux 在 Ubuntu 中没有得到完全支持,因为他们专注于 apparmor,而且正如其他人所说,它可能需要调整策略。
但如果你想尝试一下,你需要安装一个实际的策略,在这里我看到你安装了selinux-策略-虚拟描述如下:
空的安全增强型 Linux 策略(虚拟包)
此软件包用于满足软件包依赖性,但不包含实际的 SELinux 策略。如果系统管理员正在开发自定义 SELinux 策略,则应安装此软件包。
您可能想要安装selinux-policy-default,该软件包包含实际策略,系统应该可以进一步启动。您可能还想检查/etc/selinux/config模式是否设置为permissive,这将使 SELinux 仅记录拒绝。
编辑:另外,尝试安装selinux-basic而不是selinux包,后者是 ubuntu 特有的,并且多年来没有维护