qweasdf

Enabling SELINUX on "Debian GNU/Linux 10 (buster)" on ODROID HC1/HC2 --- is a more complete title

Hello to all good folks in Armbian team! On a odroid HC1/HC2 - where everything works like a swis clock, i cant - no matter what i do - to get "getenforce Enforcing" . I would be thankful if someone could point to the right direction. ----------------- uname -a Linux odroid 5.4.151-odroidxu4 #21.08.3 SMP PREEMPT Fri Oct 8 19:52:26 UTC 2021 armv7l GNU/Linux cat /etc/os-release PRETTY_NAME="Debian GNU/Linux 10 (buster)" NAME="Debian GNU/Linux" VERSION_ID="10" VERSION="10 (buster)" VERSION_CODENAME=buster ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of these two values: # default - equivalent to the old strict and targeted policies # mls - Multi-Level Security (for military and educational use) # src - Custom policy built from source SELINUXTYPE=default # SETLOCALDEFS= Check local definition changes SETLOCALDEFS=0 on "cat /boot/config-5.4.151-odroidxu4" on # Security options i have related on selinux: # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITY=y CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_SECURITY_PATH=y CONFIG_LSM_MMAP_MIN_ADDR=0 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y CONFIG_HARDENED_USERCOPY_FALLBACK=y CONFIG_FORTIFY_SOURCE=y # CONFIG_STATIC_USERMODEHELPER is not set CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y # CONFIG_SECURITY_SELINUX_DISABLE is not set CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 CONFIG_SECURITY_SMACK=y # CONFIG_SECURITY_SMACK_BRINGUP is not set CONFIG_SECURITY_SMACK_NETFILTER=y CONFIG_SECURITY_SMACK_APPEND_SIGNALS=y CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 CONFIG_SECURITY_TOMOYO=y CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024 # CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is not set CONFIG_SECURITY_TOMOYO_POLICY_LOADER="/sbin/tomoyo-init" CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER="/sbin/init" # CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING is not set CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_HASH=y CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y # CONFIG_SECURITY_APPARMOR_DEBUG is not set ----------------- ##what i did: apt remove apparmour "Reading package lists... Done Building dependency tree Reading state information... Done E: Unable to locate package apparmour" #so apparmour is no longer present apt update && upgrade apt install selinux-basics selinux-policy-default auditd #all has installed ok no problem with dependencies et all ## i did observe, in /boot/config-5.4.151-odroidxu4 the folowing lines about apparmour: # Automatically generated file; DO NOT EDIT. CONFIG_SECURITY_APPARMOR=y CONFIG_SECURITY_APPARMOR_HASH=y CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y ## at command: "selinux-activate" ## i get "Activating SE Linux SE Linux is activated. You may need to reboot now." #but no change after reboot