Can't get SELinux to work on the official Debian Wheezy Amazon EC2 images? Here's how to get it working. First, follow the standard set-up directions at SELinux/Setup on the Debian Wiki.
Running selinux-activate won't actually update the correct grub configuration files, due to the custom kernel that's installed. What you need to do is edit /boot/grub/menu.lst yourself and add "selinux=1 security=selinux" to the kernel line so that your file looks like:
title 3.2.0-4-amd64
root (hd0)
kernel /boot/vmlinuz-3.2.0-4-amd64 root=/dev/xvda1 ro selinux=1 security=selinux
initrd /boot/initrd.img-3.2.0-4-amd64
I've also updated my /etc/grub.d/40_custom file to ensure that running update-grub creates the correct grub.cfg file. On line 39 I've added ${GRUB_CMDLINE_LINUX}:
kernel ${rel_dirname}/${basename} root=${GRUB_DEVICE} ro ${args} ${GRUB_CMDLINE_LINUX}
After doing the above, rebooting, and running sestatus, you should now have SELinux enabled:
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             default
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     denied
Max kernel policy version:      26
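A check for the steps above, as an added example that is not part of the original post: it flags any GRUB-legacy kernel line that still lacks the two arguments, and tests a booted command line for them. The function names check_menu_lst and check_cmdline are hypothetical, and the sample stanzas are constructed from the one shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): pre-reboot and post-reboot checks.

# check_menu_lst FILE
# Prints every GRUB-legacy "kernel" line lacking selinux=1 or security=selinux.
# Returns 0 if all kernel lines carry both, 1 if any lacks one, 2 if none found.
check_menu_lst() {
    awk '
        $1 == "kernel" {
            seen++; se = 0; lsm = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "selinux=1") se = 1
                if ($i == "security=selinux") lsm = 1
            }
            if (!se || !lsm) { bad++; print "missing SELinux args: " $0 }
        }
        END {
            if (!seen) { print "no kernel lines found"; exit 2 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# check_cmdline STRING
# Returns 0 if a booted kernel command line (e.g. the contents of
# /proc/cmdline) carries both arguments as whole words.
check_cmdline() {
    case " $1 " in *" selinux=1 "*) ;; *) return 1 ;; esac
    case " $1 " in *" security=selinux "*) ;; *) return 1 ;; esac
}

# Constructed sample: the stanza from the post plus one unedited stanza.
sample=$(mktemp)
cat > "$sample" <<'EOF'
title 3.2.0-4-amd64
root (hd0)
kernel /boot/vmlinuz-3.2.0-4-amd64 root=/dev/xvda1 ro selinux=1 security=selinux
initrd /boot/initrd.img-3.2.0-4-amd64

title 3.2.0-4-amd64 (unedited, constructed)
root (hd0)
kernel /boot/vmlinuz-3.2.0-4-amd64 root=/dev/xvda1 ro
initrd /boot/initrd.img-3.2.0-4-amd64
EOF
check_menu_lst "$sample" || echo "fix the lines above before rebooting"
rm -f "$sample"
```

On the instance itself, run `check_menu_lst /boot/grub/menu.lst` before rebooting and `check_cmdline "$(cat /proc/cmdline)"` afterwards. The sestatus output above reports permissive mode, in which policy denials are logged but not enforced.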