On Tuesday 03 October 2006 01:08, Otavio Salvador wrote: > Manoj Srivastava <srivasta@debian.org> writes: > > We are at a point where we can support a targeted SELinux > > policy, at least in permissive mode, I suggest that we ship SELinux > > installed, but turned off by default; and a README or a short shell > > script fr the local administrator to enable SELinux. Our support at > > this point is better in some respects to any other distribution > > (selecting and installing modular policy modules, for instance). All > > the core packages support SELinux (unlike in, say, Ubuntu). > > What about we add it as a task on tasksel and make grub-installer > enable it in case of the task is selected? On IRC yesterday Manoj was very clear that this is _not_ what we want at this point. The main reason AIUI is that enabling it without checking the setup first may break applications as we don't yet have perfect policies for a lot of important packages. Enabling selinux will require some manual changes by the user. Where documentation can be found how to enable it should be documented in the Etch Release Notes.
Attachment:
pgpBY9V72Aea1.pgp
Description: PGP signature