[DSE-Dev] Bug#823287: selinux-basics: System cannot boot with SELinux enabled after upgrade

[Jonathan Yu]

On Tue, May 3, 2016 at 10:10 AM, Laurent Bigonville <bigon at debian.org>
wrote:
>
>
> Do you have a policy installed on your machine?
>

I do not - I was unable to install the latest selinux-policy-default
package from unstable due to dependency problems that I was unable to
resolve.

The following packages have unmet dependencies:
 selinux-policy-default : Depends: policycoreutils (>= 2.2.1) but it is not
going to be installed
 udev : Depends: libblkid1 (>= 2.19.1) but it is not going to be installed
        Depends: adduser but it is not going to be installed
        Depends: util-linux (>= 2.27.1)
        Depends: procps


> The policy package currently in unstable is not compatible with the new
> userspace and needs to be adjusted, see bug #805492.
>

Ah, it does look like the same problem. However, I expected some sort of
safeguard that would prevent me from breaking my system -- i.e. a check in
selinux-activate that ensured that a policy was available, if that is
required to boot. Making my system unbootable is not desired behaviour.


> I've unfortunately not a lot of time for this. That means that if you want
> to use SELinux in debian, you'll have to compile/build your own policy.
>

I can understand that. I have some experience with Debian packaging, but
little with SELinux or advanced things like maintainer scripts, however I'd
be happy to spend a few weekends hacking on this if you can give me some
direction. I'll read through #805492 this weekend and come back to you with
questions.

Thanks again for all your contributions to Debian :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20160503/577dfbb9/attachment.html>