SELinux Application Whitelist
PPA description
The Whitelist Policy is based on SELinux mechanism
Installation:
1. sudo add-apt-repository ppa:itri-icl-fteam/selinuxapplicationwhitelist
2. sudo add-apt-repository ppa:itri-icl-fteam/selinuxpackage
3. sudo apt-get update
4. sudo apt install attr selinuxpack-libsepol selinuxpack-libselinux selinuxpack-libsemanage selinuxpack-checkpolicy selinuxpack-dbus selinuxpack-gui selinuxpack-mcstrans selinuxpack-policycoreutils selinuxpack-python selinuxpack-sandbox selinuxpack-secilc selinuxpack-semodule-utils selinux-app-whitelist-policy selinux-configuration
5. sudo install_selinux.sh
After deployment, you may get snapd denied messages.
Use the script below to fix this issue.
#!/bin/bash
# $1 is the absolute path of snap image
# you should execute journalctl -b|grep -i "denied.*snapd.*dev", and get value from dev=,
# e.g. loop2
# Execute "losetup -l | grep loop2", and get snap image path,
# e.g. /var/lib/snapd/snaps/snapd_12057.snap
imagename=$(basename $1)
image_root="$HOME/squashfs-root"
relabel_image_out="$HOME/$imagename"
[ -d $image_root ] && rm -r $image_root
if [ -f $1 ]
then
unsquashfs -d $image_root $1
chcon -R -t whitelist_t $image_root
mksquashfs $image_root $relabel_image_out
else
echo "No such file: "$1
fi
Then, sudo mv ./snapd_12057.snap /var/lib/snapd/snaps/snapd_12057.snap
Adding this PPA to your system
You can update your system with unsupported packages from this untrusted PPA by adding ppa:itri-icl-fteam/selinuxapplicationwhitelist to your system's Software Sources. (Read about installing)
sudo add-apt-repository ppa:itri-icl-fteam/selinuxapplicationwhitelist sudo apt update
For questions and bugs with software in this PPA please contact itri-icl-fteam.
PPA statistics
- Activity
- 0 updates added during the past month.
Overview of published packages
1 → 2 of 2 results | First • Previous • Next • Last |
Package | Version | Uploaded by |
---|---|---|
selinux-app-whitelist-policy | 1.4-1 | itri-icl-fteam () |
selinux-configuration | 1.1-1ubuntu3 | itri-icl-fteam () |
1 → 2 of 2 results | First • Previous • Next • Last |