Christian Göttsche cgzones at googlemail.com
Tue Apr 11 14:53:23 UTC 2017

I am using the boot flag *checkreqprot=0* without any complications or
policy changes.

if you are willing, one could alter the selinux-activate script to set
the boot flag

> Maybe we'll go with the new default for buster.
if there are no objections from the Debian SELinux team or users, please do so

More information about the SELinux-devel mailing list