Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Selinux (targeted?) On Laptop
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
0x4d6165
n00b
n00b


Joined: 14 May 2024
Posts: 2
PostPosted: Tue May 14, 2024 9:15 pm    Post subject: Selinux (targeted?) On Laptop Reply with quote
I was wondering if Selinux (in targeted mode probably) is possible on Gentoo on a laptop/workstation? I'm having trouble getting basic things like the display manager and sudo to reflect properly and I'm wondering if anyone else has done this who can provide pointers or if this is a bad idea and i'm better off using apparmor? I know I'll have to learn a little to get selinux working on a desktop, but I'm wondering if it's even worth doing/possible on gentoo.
Back to top
View user's profile Send private message
0x4d6165
n00b
n00b


Joined: 14 May 2024
Posts: 2
PostPosted: Wed May 15, 2024 3:33 pm    Post subject: Reply with quote
I'm doing a little test to see if it's possible and most things are working except firefox-bin crashes when enforce is on. The selinux-mozilla package is installed so I assume there's an issue with that policy being applied to firefox-bin? Is this a known issue?
Back to top
View user's profile Send private message
Dr. Banana
n00b
n00b


Joined: 04 Aug 2021
Posts: 48
PostPosted: Sun May 19, 2024 1:05 pm    Post subject: Reply with quote
Can you please keep us updated on this topic? I would like to know as well.
_________________
Haters gonna hate,
Potatoes gonna potate.
Back to top
View user's profile Send private message
rab0171610
Guru
Guru


Joined: 24 Dec 2022
Posts: 450
PostPosted: Sun May 19, 2024 8:27 pm    Post subject: Reply with quote
Why do you need (or want) SeLinux on a laptop or workstation? Usually it is a security model for administrators to be used on servers to manage access controls for multiple users of a system. If you are just using it as your personal laptop, I don't know that it would be a benefit if you are just managing restrictions for yourself. Please explain what are you trying to achieve?
Back to top
View user's profile Send private message
Dr. Banana
n00b
n00b


Joined: 04 Aug 2021
Posts: 48
PostPosted: Mon May 20, 2024 4:28 am    Post subject: Reply with quote
rab0171610 wrote:
Why do you need (or want) SeLinux on a laptop or workstation? Usually it is a security model for administrators to be used on servers to manage access controls for multiple users of a system. If you are just using it as your personal laptop, I don't know that it would be a benefit if you are just managing restrictions for yourself. Please explain what are you trying to achieve?


Well I run some programs under a different user but a MAC would give me extra peace of mind. Plus if I'm not wrong SELinux can restrict even root from doing some things, which is enticing.

That being said I don't think it's worth my time, setting up 'simple sandbox' as explained in the wiki was time consuming enough.
_________________
Haters gonna hate,
Potatoes gonna potate.
Back to top
View user's profile Send private message
BurningMemory
n00b
n00b


Joined: 17 Jan 2023
Posts: 54
PostPosted: Tue May 21, 2024 1:23 am    Post subject: Re: Selinux (targeted?) On Laptop Reply with quote
0x4d6165 wrote:
I was wondering if Selinux (in targeted mode probably) is possible on Gentoo on a laptop/workstation? I'm having trouble getting basic things like the display manager and sudo to reflect properly and I'm wondering if anyone else has done this who can provide pointers or if this is a bad idea and i'm better off using apparmor? I know I'll have to learn a little to get selinux working on a desktop, but I'm wondering if it's even worth doing/possible on gentoo.

Hello there.
It is possible, but requires configuration before it's actually usable. For daily-driving targeted policy is the most benefitial.
Having that said, benefits aren't guaranteed. It depends on your use-case and threat model. Before doing anything
it is best to read the documentation for the project, on Gentoo you can refer to the selinux project wiki page.
And after reading it, please then decide if you really need selinux.
Back to top
View user's profile Send private message
BurningMemory
n00b
n00b


Joined: 17 Jan 2023
Posts: 54
PostPosted: Tue May 21, 2024 1:28 am    Post subject: Reply with quote
0x4d6165 wrote:
I'm doing a little test to see if it's possible and most things are working except firefox-bin crashes when enforce is on. The selinux-mozilla package is installed so I assume there's an issue with that policy being applied to firefox-bin? Is this a known issue?

The firefox thing isn't really an issue with loading the selinux-mozilla module. I've noticed that all mozilla
software dies if it is not allowed execmem perms (which allows software to make their memory executable,
that's dangerous). I'm not sure if it really is a bug or if it's specific to gentoo even.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy