Re: SELinux Suggestion
On Fri, 21 Sep 2007 04:51:16 -0400, Kevin Mark <kevin.mark@verizon.net> said:
> On Fri, Sep 21, 2007 at 12:19:40AM -0500, Mike McCarty wrote:
>> Joey Hess wrote:
>>> SE Linux is already included in Debian, and is even installed,
>>> though not enabled, by default. You can remove the selinux-policy-*
>>> packages to remove it.
>>
>> That is naive, is it not? The apps themselves have to be SELinux-
>> aware. So, one can remove the policy packages, but not SELinux.
>>
>> It looks like I am too late, and Debian is already infected. Oh,
>> well.
>>
> The extent to which SELinux 'infests' Debian is a minor one. For
> proper SELinux support you only have to alter a handful of basic
> packages and the kernel, so that's like .001% of its packages.
> cheers, K
I think most of that work is done. I am trying to make it so
that people can ask the debian-installer to install a functional
SELinux box running in enforcing mode from the get-go -- and hopefully,
also be able to specify that it uses strict policy rather than
targeted.
manoj
--
There are no eternal facts as there are no absolute truths. Friedrich
Nietzsche
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: