Re: [RFC] Changing priority of selinux back to optional

On Wed, Feb 06, 2008 at 11:43:54PM -0600, Manoj Srivastava wrote:
>         I don't think Lenny is in shape for a release either.  It took
>  me about a day to get most SELinux packages back up to date --  which
>  means we could have them updated anytime in the last few months, if
>  anyone had the time or motivation.

Yes, updating packages is not so much work. Some work is done already by
me. Packages are compiled in binary form only for Etch at repository
http://linux.i.cz/debian/ selinux-etch. I hope sources are usable for
Sid http://linux.i.cz/debian/dists/selinux-etch/main/source/Sources.gz.
Repository is managed by reprepro and packages lie in the pool. I can
rebuild packages for Sid and create repository selinux-sid if anyone
there wants. (In that case I must probably rebuild Etch variants with
some different release number to prevent collision between Etch & Sid
variant.) I think that after some cleanup (changelog), you can use some
packages from this repo. All packaging (except clear backports
Sid->Etch) is versioned using git-buildpackage (currently not
accessible). Code is taken from subversion

Repository contains:
icz-archive-keyring	2007.07.31
    - repo key

    - Sid contains, with works
      initialization of user context.
      Upgrade or patch in Sid is needed.

checkpolicy	2.0.9.svn20080204.r2784-0.icz.1
libselinux	2.0.51.svn20080205.r2790-0.icz.1
libsemanage	2.0.23.svn20080206.r2791-0.icz.1
libsepol	2.0.20.svn20080204.r2778-0.icz.1
policycoreutils	2.0.42.svn20080202.r2776-0.icz.1
sepolgen	1.0.11.svn20080123.r2738-0.icz.1
    - stuff from selinux.svn.sourceforge.net.
      There are changes to Manoj's packaging, because newer python bindings
      need version python2.5, which is unsupported in Etch.

setools		3.3.2-0.icz.3
    - This packaging is also changed, because of new libs (libqpol,

shadow		1:4.1.0-2~icz40+1
tk8.4		8.4.16-1~icz40+1
ustr		1.0.3-1~icz40+1
    - these are only backports from Sid

I used CDBS for packaging (where packaging changed), because it is easy
& pretty. :)

Openssh package of Sid needs change, because it has problems with
initialization of user context. (Not the case for Etch openssh.)

Package policycoreutils contains a patch for fixfiles, which is
currently broken in the svn repo yet (but reported). Fixfiles is called
from selinux-basics for relabeling.

I hope something from this can be useful for Debian, at least this is
an interesting exercise for me :).

And yes the refpolicy is the hardest work! I simply build policy from
sources. There are too many problems to package it yet I think.
Version of generated policy should be decreased according to kernel
version (/selinux/policyvers) in /etc/selinux/semanage.conf.

>         I ought to be back, now that we have survived the end of the
>  year dog and pony show at work.

Nice to read this. Thanks.
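
An added example, not part of the original message: one way to apply the note above about lowering the generated policy version to what the kernel reports in /selinux/policyvers. It assumes the `policy-version` setting of semanage.conf; the function name and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail): derive a semanage.conf whose
# policy-version matches the version the running kernel can load.

# set_policy_version POLICYVERS_FILE SEMANAGE_CONF
# Prints the updated configuration on stdout; the input files are not modified.
set_policy_version() {
    policyvers_file=$1
    conf=$2

    # The kernel exposes one decimal integer; reject anything else so a
    # malformed value never ends up in the configuration.
    kver=$(tr -d '[:space:]' < "$policyvers_file") || return 1
    case $kver in
        ''|*[!0-9]*)
            echo "unexpected policy version: '$kver'" >&2
            return 1
            ;;
    esac

    # Replace the active policy-version line, dropping any duplicates, and
    # append the setting when the file has none. Comment lines are kept.
    awk -v v="$kver" '
        /^[ \t]*policy-version[ \t]*=/ {
            if (!done) { print "policy-version = " v; done = 1 }
            next
        }
        { print }
        END { if (!done) print "policy-version = " v }
    ' "$conf"
}

# Demo on constructed sample files standing in for /selinux/policyvers and
# /etc/selinux/semanage.conf (the values are made up for the example).
demo_dir=$(mktemp -d)
printf '21\n' > "$demo_dir/policyvers"
printf '# sample config\nmodule-store = direct\npolicy-version = 22\n' \
    > "$demo_dir/semanage.conf"
set_policy_version "$demo_dir/policyvers" "$demo_dir/semanage.conf"
rm -rf "$demo_dir"
```

Review the printed result before installing it over the real file, then rebuild the policy so the store is regenerated at that version.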


