SELinux sandbox on Debian.

Kernels & Hardware, configuring network, installing services

SELinux sandbox on Debian.

Postby hack3rcon » 2020-10-22 19:50

Hello,
When I want to use sandbox on Debian then I got below error:
Code: Select all
$ sandbox
/usr/bin/sandbox: Sandbox Policy is not currently installed.
You need to install the selinux-policy-sandbox package in order to run this command

I installed "policycoreutils-sandbox" package too, but problem exist.
How can I solve it?

Thank you.
hack3rcon
 
Posts: 468
Joined: 2015-02-16 09:54

Re: SELinux sandbox on Debian.

Postby sickpig » 2020-10-23 07:56

hack3rcon wrote:When I want to use sandbox

Open the moat
User avatar
sickpig
 
Posts: 589
Joined: 2019-01-23 10:34

Re: SELinux sandbox on Debian.

Postby hack3rcon » 2020-10-23 12:38

sickpig wrote:
hack3rcon wrote:When I want to use sandbox

Open the moat

What does it mean?
hack3rcon
 
Posts: 468
Joined: 2015-02-16 09:54

Re: SELinux sandbox on Debian.

Postby sickpig » 2020-10-24 09:01

hack3rcon wrote:I installed "policycoreutils-sandbox" package too, but problem exist.
How can I solve it?

I do not suppose that policy is for the sandbox package you have installed.
You can inspect the current policies here /sys/fs/selinux/policy.
I reckon you need to create a custom policy for your sandbox application if the policy for it is not included in the standard defined selinux policies.
I would look here https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/writing-a-custom-selinux-policy_using-selinux to create a custom policy.
User avatar
sickpig
 
Posts: 589
Joined: 2019-01-23 10:34

Re: SELinux sandbox on Debian.

Postby hack3rcon » 2020-10-24 18:01

sickpig wrote:
hack3rcon wrote:I installed "policycoreutils-sandbox" package too, but problem exist.
How can I solve it?

I do not suppose that policy is for the sandbox package you have installed.
You can inspect the current policies here /sys/fs/selinux/policy.
I reckon you need to create a custom policy for your sandbox application if the policy for it is not included in the standard defined selinux policies.
I would look here https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/writing-a-custom-selinux-policy_using-selinux to create a custom policy.

You mean is that I must write it myself?
I looked at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/chap-security-enhanced_linux-securing_programs_using_sandbox and:
Code: Select all
$ sudo apt-get install policycoreutils-sandbox
Reading package lists... Done
Building dependency tree       
Reading state information... Done
policycoreutils-sandbox is already the newest version (2.8-3).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
$ sandbox
/usr/bin/sandbox: Sandbox Policy is not currently installed.
You need to install the selinux-policy-sandbox package in order to run this command
$

SELinux sandbox don't exist for Debian?
hack3rcon
 
Posts: 468
Joined: 2015-02-16 09:54

Re: SELinux sandbox on Debian.

Postby sickpig » 2020-10-24 19:08

hack3rcon wrote:You mean is that I must write it myself?

Did I stutter?
User avatar
sickpig
 
Posts: 589
Joined: 2019-01-23 10:34

Re: SELinux sandbox on Debian.

Postby hack3rcon » 2020-10-31 12:58

I guess this feature don't exist on Debian.
hack3rcon
 
Posts: 468
Joined: 2015-02-16 09:54

Re: SELinux sandbox on Debian.

Postby reinob » 2020-10-31 14:09

hack3rcon wrote:I guess this feature don't exist on Debian.


I guess you really should start reading at least the information about packages you install.

Code: Select all
# apt show policycoreutils-sandbox
Package: policycoreutils-sandbox
Version: 2.8-3
Priority: optional
Section: utils
Source: selinux-python
Maintainer: Debian SELinux maintainers <selinux-devel@lists.alioth.debian.org>
Installed-Size: 71.7 kB
Depends: dbus (>= 1.8), gir1.2-gtk-3.0, libcap2-bin, policycoreutils, python3, python3-gi, x11-xserver-utils, xserver-xephyr, libc6 (>= 2.27), libcap-ng0 (>= 0.7.9), libselinux1 (>= 2.8)
Recommends: openbox | x-window-manager
Homepage: http://userspace.selinuxproject.org/
Download-Size: 33.3 kB
APT-Sources: http://deb.debian.org/debian buster/main amd64 Packages
Description: SELinux core policy utilities (graphical sandboxes)
 Security-enhanced Linux is a patch of the Linux® kernel and a number
 of utilities with enhanced security functionality designed to add
 mandatory access controls to Linux.  The Security-enhanced Linux
 kernel contains new architectural components originally developed to
 improve the security of the Flask operating system. These
 architectural components provide general support for the enforcement
 of many kinds of mandatory access control policies, including those
 based on the concepts of Type Enforcement®, Role-based Access Control,
 and Multi-level Security.
 .
 This package contains the scripts to create graphical sandboxes.
 .
 This package requires an additional custom policy that is not present in
 Debian.


Read the last line.
reinob
 
Posts: 857
Joined: 2014-06-30 11:42

Re: SELinux sandbox on Debian.

Postby hack3rcon » 2020-11-02 16:48

Why SElinux is not complete for Debian?
hack3rcon
 
Posts: 468
Joined: 2015-02-16 09:54

Re: SELinux sandbox on Debian.

Postby pcalvert » 2020-11-02 18:08

Since you're interested in sandboxes, you may be interested in this: Qubes OS

Phil
“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln
pcalvert
 
Posts: 1906
Joined: 2006-04-21 11:19
Location: Sol Sector

Re: SELinux sandbox on Debian.

Postby LE_746F6D617A7A69 » 2020-11-02 21:55

pcalvert wrote:“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln

Abraham Lincoln didn't realized that overheated capitalism leads to destruction of *all* the aspects of a free trade - today 1% of people owns 99% of the world - the rest of humanity has nothing besides the debts (and a huge number of humans have a problem with finding something to eat)

The most dangerous animal on the planet Earth is a human who has nothing to loose ...
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed
LE_746F6D617A7A69
 
Posts: 414
Joined: 2020-05-03 14:16

Re: SELinux sandbox on Debian.

Postby sunrat » 2020-11-02 22:22

@LE_746F6D617A7A69 - I agree with you completely but it has nothing to do with the topic or Debian at all. Please stay on topic. (ps - sed s/loose/lose/ )

Maybe we can hope OP will learn to do some research himself instead of frequently asking vague questions on the forum.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!
User avatar
sunrat
 
Posts: 3316
Joined: 2006-08-29 09:12
Location: Melbourne, Australia


Return to System configuration

Who is online

Users browsing this forum: No registered users and 6 guests

fashionable