[DSE-Dev] SELinux release goals for Debian Jessie ?

Laurent Bigonville bigon at debian.org
Mon Sep 30 14:11:46 UTC 2013

Le 30 Sep 2013 15:05:51 +0200,
a.kuckartz at ping.de a écrit :

> I very likely will not be able to do anything before 0:00 tonight :-(
> Would be good if someone (you?) could propose that. Now is the time
> to improve security.

I've no time to do this ATM.

> Ideally it should be possible to run a standard Jessie Installation
> in enforcing mode. Is that a realistic release goal?

I would call this an ambitious plan. I think we should make our best
allow the users to be able to enable selinux on their machine without
too much hassle.

I see three paths here:

 - Improuve the policy, this is currently being worked out with
 - As said be sure that when a init/maintainer script is creating a
   file/directory the label on disk is properly (re)set.
 - Be sure that selinux aware applications (I'm thinking about libvirt
   here) have selinux support enabled and that's it's working properly.


Laurent Bigonville

More information about the SELinux-devel mailing list