[DSE-Dev] selinux-policy-default in Jessie
Mika Pflüger
debian at mikapflueger.de
Mon Jan 18 19:54:58 UTC 2016
Hi Clemens,
Am Mon, 18 Jan 2016 12:57:21 +0100
schrieb "Clemens A. Schulz" <c.schulz at sirrix.com>:
> I just read the whole thread about selinux-policy-default missing in
> Debian Jessie. Since we also based our own SELinux policies in Squeeze
> on this package I would like to see this package back in Jessie as
> well.
>
> I also want to know why it has been removed and what kind of bugs were
> in there?! As removing this package from the Jessie repo will make
> whole SELinux in Debian Jessie not working anymore this is a very
> huge step and I think Debian had some important reasons for that, but
> they are not public.
As (almost) all development in Debian, the reasons are indeed public!
You can check the package tracker of the source package:
https://tracker.debian.org/pkg/refpolicy
Where you find that on 2014-12-21 refpolicy was removed from testing,
linking to https://tracker.debian.org/news/669803 .
There you also find the reasons why it was removed: the two
release-critical bugs #771484,756729, they are/were:
#771484: GPG is totally broken (solved 2015-02-06)
#756729: Setting SELinux to enforce results in not configured network
interface at boot time (still open in debian)
Both bugs were considered release-critical by debian, which means the
package would not be released in a stable release if this was not
fixed. To not delay the release of debian as a whole,
selinux-policy-default was not shipped with debian jessie.
At the moment, selinux-policy-default is also not entering debian
testing (which would be a prerequisite for being released with the next
debian stable), reasons are again listed at the tracker site
https://tracker.debian.org/pkg/refpolicy , it is release-critical bugs
again.
> In the thread someone also says that he is working on a
> re-implementation of this package in the unstable repository. Is there
> some schedule for this package? Will it every be part of the main
> Jessie repository again and become stable? Would be nice to read some
> lines on that.
I don't know if there is enough manpower to get the package into shape
for the next stable debian release (debian 8 / stretch). Getting
selinux-policy default into debian 7 / jessie will most likely not
happen, new packages are usually not introduced into stable debian
releases. A backport for jessie into the backports repository would be
possible, but we are lacking helping hands here again.
Cheers,
Mika
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digitale Signatur von OpenPGP
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20160118/38dd890f/attachment.sig>
More information about the SELinux-devel
mailing list