In #selinux, we helped a user today to get some SELinux working on Ubuntu.

I had posted before that I expect Ubuntu to be rather close to Debian in terms of SELinux support. This is not true.

Ubuntu ships rather old versions of the toolchain and SELinux libraries. I doubt that you can use the reference policy with this toolchain; the SELinux policy shipped by Ubuntu is no longer supported.

Still, this would mean that SELinux on Ubuntu would be in the same shape as it is on Gentoo, if it weren’t for this critical issue:

sysvinit (2.86.ds1-6ubuntu8) dapper; urgency=low
 
  * Disable SElinux again, nobody gave me a patch to fix the annoying
    message.
 
 -- Scott James Remnant <scott@ubuntu.com>  Fri,  3 Feb 2006 17:54:55 +0000

Init, the process that is supposed to load the policy at boot, is not SELinux-enabled on Ubuntu. At least not the version in hoary. And edgy comes with upstart, which doesn’t have SELinux support either, AFAIK.

So to use SELinux on Ubuntu you’ll have to build your own sysvinit (sysvinit from edgy might do the job), or add SELinux support to upstart.
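
A way to check a machine for the situation described above, as an added example that is not part of the original post: it combines whether init links against libselinux, whether the kernel offers selinuxfs, and whether PID 1 carries a real security context. The function names, the verdict words and the `/sbin/init` path are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Inputs are files so the checks
# can also be run on data captured from another machine.

# $1: output of `ldd /sbin/init`. Succeeds if init links against libselinux.
init_links_libselinux() {
    grep -q 'libselinux\.so' "$1"
}

# $1: copy of /proc/filesystems. Succeeds if the kernel provides selinuxfs.
kernel_has_selinux() {
    awk '$NF == "selinuxfs" { found = 1 } END { exit !found }' "$1"
}

# $1: copy of /proc/1/attr/current. Before a policy is loaded the kernel
# reports the bare initial SID name "kernel" instead of a full context.
policy_loaded() {
    [ -r "$1" ] || return 1
    ctx=$(tr -d '\000\n' < "$1")
    [ -n "$ctx" ] && [ "$ctx" != "kernel" ]
}

# $1 ldd output, $2 filesystems list, $3 PID 1 context. Prints one verdict.
diagnose() {
    if ! kernel_has_selinux "$2"; then
        echo "no-kernel-support"
    elif policy_loaded "$3"; then
        echo "policy-loaded"
    elif init_links_libselinux "$1"; then
        echo "init-aware-no-policy"      # check policy files and boot options
    else
        echo "init-not-selinux-aware"    # the situation described in the post
    fi
}

# Live check on the local machine (run as root): sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    tmp=$(mktemp)
    ldd /sbin/init > "$tmp" 2>/dev/null
    diagnose "$tmp" /proc/filesystems /proc/1/attr/current
    rm -f "$tmp"
fi
```

A `policy-loaded` verdict on a box whose init does not link libselinux means something other than init (an initrd script, for instance) loaded the policy.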