How can I use docker without sudo?

Question

user282924

Asked: 2014-05-19 11:41:32 +0800 CST2014-05-19 11:41:32 +0800 CST 2014-05-19 11:41:32 +0800 CST

SELinux is not enabled

772

I installed SELINUX on ubuntu using the command:

sudo apt-get install selinux

config file in /etc/selinux contain following information

SELINUX=permissive

SELINUXTYPE=default

SETLOCALDEFS=0

But i am not able to set selinux, when I check using sestatus -v command it gives output

SELINUX is disabled

How should I enable my SELINUX?

When I use command seinfo. it gives following output

ERROR: policydb version 26 does not match my version range 15-24
ERROR: Unable to open policy /etc/selinux/default/policy/policy.26.
ERROR: Input/output error

check-selinux-installation command gives following output ../proc/1 kernel..

SELinux is not enabled. The init process (PID 1) is running in an incorrect domain. /etc/pam.d/login is not SELinux enabled FSCKFIX is not enabled - not serious, but could prevent system from booting... udev will create nodes not labeled correctly

Please help

2 Answers

Voted

cioby23 · Answer 1 · 2014-05-19T12:02:17+08:00

cioby23

2014-05-19T12:02:17+08:002014-05-19T12:02:17+08:00

This error might be because you are running AppArmor along with SELinux. AppArmor is installed by default in Ubuntu. You can't use 2 LSM (Linux security modules) at the same time. You need to remove AppArmor if you wish yo use SELinux

See an aswer here: Is it a bad idea to run SELinux and AppArmor at the same time?

4

mtalexan · Answer 2 · 2019-03-12T13:20:23+08:00

An absurdly old question, but it helped me track my problem down partially, so I'm adding another response.

Not only do you need to remove AppArmor like cioby23 says, but there are some extra steps received from the upstream Debian that aren't well documented at all. Here are the commands to convert a standard Ubuntu system (16.04.6 for me) to use SELinux in Permissive mode using the standard provided packages:

# make sure you have the most up-to-date info
apt-get update
apt-get dist-upgrade

#disable and remove apparmor
/etc/init.d/apparmor stop
apt-get remove apparmor

#install SELinux
apt-get install selinux

# install the missing dependency
apt-get install auditd

# install the activate tool required to make it work
apt-get install selinux-basics

#missing manual step to actually make SELinux work (part of selinux-basics)
selinux-activate

# need to restart for it to take effect
shutdown now

Personally I discovered that the selinux-activate has to be run manually from a discussion on the upstream Debian (https://unix.stackexchange.com/questions/136988/whats-missing-with-my-selinux-installation).
It solved the exact problem of the wrong context on PID 1, which also presents as a getfilecon error.

EDIT1: Update language to avoid confusion on policy naming.
EDIT2: Split up the commands with better descriptions for each

SELinux is not enabled

How to install Google Chrome

Is there a command to list all users? Also to add, delete, modify users, in the terminal?

How to delete a non-empty directory in Terminal?

How to unzip a zip file from the Terminal?

How can I copy the contents of a folder to another folder in a different directory using terminal?

How do I install a .deb file via the command line?

How do I run .sh scripts?

How do I install a .tar.gz (or .tar.bz2) file?

How to list all installed packages

Unable to lock the administration directory (/var/lib/dpkg/) is another process using it?