Steve Langasek wrote: >> selinux-policy-default > > I think this needs to be at Priority: standard as a necessary step in > SELinux bootstrapping, but I realize this is contentious. Not really. SELinux is not even close to functional after a standard installation. For one thing, it gets installed *after* the initrd gets generated and the initrd does not get regenerated, so the admin has to do that manually after rebooting into the installed system. There's also some manual tuning of the system required (documented in the wiki) to avoid a number of issues. Conclusion is that as a number of manual steps is needed anyway to get SELinux working, there is currently no benefit in having it installed by default. And there are various disadvantages, as discussed on this list last September [1]. Cheers, FJP [1] <20080914090810.GA7965@deprecation.cyrius.com>
Attachment:
signature.asc
Description: This is a digitally signed message part.