Re: Making SELinux standard for etch

To: debian-devel@lists.debian.org
Subject: Re: Making SELinux standard for etch
From: David Nusinow <dnusinow@speakeasy.net>
Date: Sun, 8 Oct 2006 20:01:42 -0400
Message-id: <[🔎] 20061009000142.GE5043@verizon.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 87mz89ul6z.fsf@glaurung.internal.golden-gryphon.com>
References: <[🔎] 87mz89ul6z.fsf@glaurung.internal.golden-gryphon.com>

On Fri, Oct 06, 2006 at 05:35:32PM -0500, Manoj Srivastava wrote:
>         As shipped, the Debian kernel images have SELinux compiled in,
>  but disabled, a command line parameter is required to turn SELinux
>  on. When SELinux is turned on (by enabling it in grub), the default
>  policy setting are that the machine would come on in permissive mode,
>  using the targeted policy; so the worst case scenario is that the
>  there would be lots of log messages if someone "accidentally" turned
>  on SELinux.
> 
>         I think we are ready.  And shipping SELinux by default would
>  be a positive thing, in these days of accelerating attacks :)

Just a heads up... this won't be making it in to etch, but Xorg upstream
just integrated a new security infrastrucuture in to the X server which is
designed to handle, among other things, SELinux policies. The feature is
named 'XACE' and will ship with 7.2. We'll be shipping 7.1 with etch, but
this is something we should exploit when 7.2 hits unstable.

 - David "I know nothing about SELinux" Nusinow

Reply to:

References:
- Making SELinux standard for etch
  - From: Manoj Srivastava <srivasta@debian.org>

Prev by Date: Bug#391839: ITP: mahoro -- File type determination library for Ruby
Next by Date: Bug#391854: ITP: freepv -- A powerful viewer for panoramic images
Previous by thread: Re: Making SELinux standard for etch
Next by thread: Re: Making SELinux standard for etch
Index(es):
- Date
- Thread