[DSE-Dev] SELinux release goals for Debian Jessie ?

Laurent Bigonville bigon at debian.org
Mon Sep 30 14:11:46 UTC 2013


On 30 Sep 2013 15:05:51 +0200,
a.kuckartz at ping.de wrote:

> I very likely will not be able to do anything before 0:00 tonight :-(
> 
> Would be good if someone (you?) could propose that. Now is the time
> to improve security.

I've no time to do this ATM.

> Ideally it should be possible to run a standard Jessie Installation
> in enforcing mode. Is that a realistic release goal?

I would call this an ambitious plan. I think we should do our best to
allow the users to be able to enable SELinux on their machine without
too much hassle.

I see three paths here:

 - Improve the policy; this is currently being worked out with
   upstream.
 - As said, be sure that when an init/maintainer script is creating a
   file/directory, the label on disk is properly (re)set.
 - Be sure that SELinux-aware applications (I'm thinking about libvirt
   here) have SELinux support enabled and that it's working properly.

Cheers

Laurent Bigonville


