[DSE-User] SELinux state
Ritesh Raj Sarraf
rrs at researchut.com
Mon Feb 16 08:39:41 UTC 2009
Hi,
I read somewhere that now selinux priority is set to standard. So that'd mean
that selinux will now be installed by default.
Do we have any data showing how many Debian installations have selinux
enabled, and maybe enforced?
I've been trying selinux on Debian for more than a year and not much has been
changing in regard to its policy for add-on packages. I hate to say, but in
the current state, selinux in Debian sucks, it is not usable. Most of the
packages in Debian are not selinux aware. And they thus fail with selinux
enabled.
I'm not sure how Fedora is able to cope with this. I know they fund the
SELinux Team/Maintainer. But still, a proper policy for every package they
ship, amazing.
But I think no, no. IIRC one of the Debian SELinux contributors mentioned that
not all packages in Fedora are confined. They don't confine all the
applications. If it is doable, can we do something similar? Confine only the
known set of vulnerable packages that we have a good policy for.
And eventually, as and when the policy becomes usable for additional packages,
we make them selinux enabled.
Ritesh
--
Ritesh Raj Sarraf
RESEARCHUT - http://www.researchut.com
"Necessity is the mother of invention."