We've been really busy getting SELinux support ready for Hardy and it is now
possible to boot into an SELinux enabled Hardy using the packages that are
available in the Ubuntu-Hardened PPA on launchpad.
Installing SELinux in Hardy:
1. Update /etc/apt/sources.list by appending the following:
deb http://ppa.launchpad.net/ubuntu-hardened/ubuntu hardy main
deb-src http://ppa.launchpad.net/ubuntu-hardened/ubuntu hardy main
3. Configure /etc/selinux/config:
* Change SELINUX=enforcing to SELINUX=permissive 
 PAM was using a deprecated method of handling login contexts
<https://bugs.launchpad.net/ubuntu/+source/pam/+bug/187822>. The updated package
fixes this problem by backporting changes in upstream.
 OpenSSH Server autoconf scripts were failing to detect the libselinux
functions getseuserbyname and get_default_context_with_level
<https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/188136>. The updated
package fixes the configure bug by correctly setting LIBS before calling
 Grub's update-grub lacks a trigger (and update-grub cannot be called
directly due to nested debconf issues). In order to seamlessly switch between
AppArmor and SELinux we need to reconfigure the menu.lst's defoptions. This
patch adds an explicit trigger for update-grub.
 apparmor and apparmor-utils need to be removed separately due to a recommend
in ubuntu-standard for apparmor-utils. If just apparmor is removed, then the
auto-resolution attempts to remove ubuntu-standard.
 selinux-policy-dummy is auto-picked when selinux is installed. It would be
better if selinux-policy-refpolicy was auto-picked instead and the dummy package
was a second choice. ;o} Suggestions on how to make that happen are very
 At this time the system will fail to boot in enforcing mode. This will, of
course, be fixed.
ubuntu-devel mailing list
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel