[DSE-Dev] SELinux state for Bullseye

Christian Göttsche cgzones at googlemail.com
Sun Feb 7 16:41:23 GMT 2021 

Dear SELinux maintainers,

As the freeze for Debian Bullseye approaches, I took a look at the
SELinux related Debian packages.
Most of the packages use debhelper compat level12, while level 13 is
the recommend mode and e.g. uses 'dh_missing --fail-missing' by
default.
Also most packages are build without enabled build hardening flags,
see https://wiki.debian.org/Hardening .
Therefore I prepared several merge request on salsa.d.o:

src:checkpolicy
    https://salsa.debian.org/selinux-team/checkpolicy/-/merge_requests/4

src:libselinux
    https://salsa.debian.org/selinux-team/libselinux/-/merge_requests/4
    p.s.: the proposed fix for #979970 lgtm.

src:libsemanage
    https://salsa.debian.org/selinux-team/libsemanage/-/merge_requests/5

src:libsepol
    https://salsa.debian.org/selinux-team/libsepol/-/merge_requests/3

src:mcstrans
    https://salsa.debian.org/selinux-team/mcstrans/-/merge_requests/2

src:policycoreutils
    https://salsa.debian.org/selinux-team/policycoreutils/-/merge_requests/3
    This includes
https://github.com/SELinuxProject/selinux/commit/ba2d6c10635a021d2b1a5fc2123fde13b04295a5
to close #976455,
    which is especially useful since systemd heavily uses mounts and
thereby hides filesystem parts, which might otherwise not get
relabeled.
    See for example https://github.com/systemd/systemd/issues/18301

src:restorecond
    https://salsa.debian.org/selinux-team/restorecond/-/merge_requests/2

src:secilc
    https://salsa.debian.org/selinux-team/secilc/-/merge_requests/1

src:selinux-basics
    https://salsa.debian.org/selinux-team/selinux-basics/-/merge_requests/1

src:selinux-dbus
    https://salsa.debian.org/selinux-team/selinux-dbus/-/merge_requests/2

src:selinux-python
    https://salsa.debian.org/selinux-team/selinux-python/-/merge_requests/2

src:semodule-utils
    https://salsa.debian.org/selinux-team/semodule-utils/-/merge_requests/2

src:setools
    https://salsa.debian.org/selinux-team/setools/-/merge_requests/2


Best regards,
    Christian Göttsche

More information about the SELinux-devel mailing list