[DSE-Dev] Bug#795505: selinux-basics: reccommends a non-existant package

Richard Jasmin frazzledjazz at gmail.com
Fri Aug 14 19:24:40 UTC 2015

Package: selinux-basics
Version: 0.5.2
Severity: grave
Tags: security
Justification: renders package unusable

Either instructions for setting up SELinux(enabled by default on Fedora) are
wrong and need to be changed or selinux-policy-default package needs to be
built for debian as a whole. Seems no distro has this package according to a
web package search but setting up SELinux seems to depend on it.

Did the policies get put into another package? They are pretty much required to
setup SELinux.

Tomoyo and apparmor may work as alternates but the reccommended course of
action is SELinux.It is also more common method. There is also no reason to not
have it installed and basic config setup by default(either on install media or
live media). Ignore this hardening reccomendation at your own peril.

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages selinux-basics depends on:
ii  checkpolicy      2.3-1
ii  policycoreutils  2.3-1
pn  python:any       <none>
ii  selinux-utils    2.3-2+b1

Versions of packages selinux-basics recommends:
pn  selinux-policy-default  <none>
ii  setools                 3.3.8-3.2

Versions of packages selinux-basics suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- no debconf information

More information about the SELinux-devel mailing list