Can't get SELinux to work on the official Debian Wheezy Amazon EC2 images? Here's how to get it working. First, following the standard set-up directions at SELinux/Setup at the Debian Wiki.

Running selinux-activate won't actually update the correct grub confiquration files, due to the custom kernel that's installed. What you need to do is edit /boot/grub/menu.lst yourself and add "selinux=1 security=selinux" yourself so that your file looks like:

title 3.2.0-4-amd64
root (hd0)
kernel /boot/vmlinuz-3.2.0-4-amd64 root=/dev/xvda1 ro selinux=1 security=selinux
initrd /boot/initrd.img-3.2.0-4-amd64

I've also updated my /etc/grub.d/40_custom file to ensure when running update-grub that it creates the correct grub.cfg file. On line 39 I've added ${GRUB_CMDLINE_LINUX}

kernel ${rel_dirname}/${basename} root=${GRUB_DEVICE} ro ${args} ${GRUB_CMDLINE_LINUX}

After doing the above, rebooting and running sestatus you should now have SELinux enabled:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             default
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     denied
Max kernel policy version:      26