
Bug#249510: marked as done (kernel-image-2.6.5-1-686: can SELinux please be compiled in (and then disabled by default))



Your message dated Wed, 29 Sep 2004 17:12:42 +0200
with message-id <20040929151242.GD1835@stro.at>
and subject line selinux in debian kernel
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kernel-image-2.6.5-1-686: can SELinux please be compiled in (and then
 disabled by default)
X-Mailer: reportbug 2.39
Date: Mon, 17 May 2004 20:45:50 +0000
Message-Id: <E1BPoze-0002D4-Jm@lkcl.net>

Package: kernel-image-2.6.5-1-686
Version: 2.6.5-2
Severity: wishlist


hi herbert,

both fedora and suse now have SELinux kernels by default, with the
security enhancements DISABLED by default.

please could debian do likewise?

see http://selinux.lemuria.org/install-2.6.html

i _think_ this is a complete set of the options needed -
this allows security to be placed on EXT2 and EXT3 filesystems
(not sure about DEVPTS and not sure about XFS).

despite what you may see on the above URL, CONFIG_SECURITY_NETWORK=y
_is_ required in order to be able to set security policy for networked
clients and services.

compiling (but then not using) selinux has a small (2%) overhead.

i'm raising a separate request for the patch to init which will
manage whether selinux is enabled at boot time or not (kernel
opt selinux=0 or 1)

l.

#
# File systems
#
CONFIG_EXT2_FS=m
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT2_FS_POSIX_ACL=y
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT3_FS=m
CONFIG_EXT3_FS_XATTR=y
CONFIG_EXT3_FS_POSIX_ACL=y
CONFIG_EXT3_FS_SECURITY=y

CONFIG_DEVPTS_FS_XATTR=y
CONFIG_DEVPTS_FS_SECURITY=y
#
# Security options
#
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_CAPABILITIES=m
CONFIG_SECURITY_ROOTPLUG=m
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
# CONFIG_SECURITY_SELINUX_DISABLE is not set
CONFIG_SECURITY_SELINUX_DEVELOP=y
# CONFIG_SECURITY_SELINUX_MLS is not set


-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux highfield 2.6.5-1-686 #1 Sat Apr 24 08:47:10 EST 2004 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages kernel-image-2.6.5-1-686 depends on:
ii  coreutils [fileutils]         5.0.91-2   The GNU core utilities
ii  fileutils                     5.0.91-2   The GNU file management utilities 
ii  initrd-tools                  0.1.65     tools to create initrd image for p
ii  module-init-tools             3.0-pre9-1 tools for managing Linux kernel mo

-- no debconf information
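
Added example (not part of the original report or of any Debian tooling): a shell check that reads a kernel config file and reports which of the options listed in the report above are unset or not built in. The function names and the sample config are constructed for illustration; on Debian the running kernel's config is normally at /boot/config-$(uname -r).

```shell
# Options from the report's fragment; DEVPTS left out (the report is unsure).
REQUIRED='CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT3_FS_XATTR=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y'

# Constructed sample, not a real Debian config: SELinux is built in, but the
# network hooks and the ext3 security labels are switched off.
sample_config() {
cat <<'EOF'
CONFIG_EXT2_FS=m
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT3_FS=m
CONFIG_EXT3_FS_XATTR=y
# CONFIG_EXT3_FS_SECURITY is not set
CONFIG_SECURITY=y
# CONFIG_SECURITY_NETWORK is not set
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
EOF
}

# kconfig_value FILE OPTION: print the option's value, or "unset" when the
# file has no OPTION= line (kconfig writes "# OPTION is not set" instead).
kconfig_value() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-unset}"
}

# check_selinux_config FILE: print one line per mismatch; return 1 if any.
check_selinux_config() {
    rc=0
    for want in $REQUIRED; do
        opt=${want%%=*}
        got=$(kconfig_value "$1" "$opt")
        if [ "$got" != "${want#*=}" ]; then
            printf '%s: expected %s, found %s\n' "$opt" "${want#*=}" "$got"
            rc=1
        fi
    done
    return $rc
}
# Usage: sh check.sh /boot/config-"$(uname -r)"
if [ -n "${1:-}" ]; then check_selinux_config "$1"; fi
```

An option built as a module (=m) is reported as a mismatch as well, since the report's fragment asks for these to be built in (=y).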


---------------------------------------
Date: Wed, 29 Sep 2004 17:12:42 +0200
From: maks attems <debian@sternwelten.at>
To: 249510-done@bugs.debian.org
Subject: selinux in debian kernel
Message-ID: <20040929151242.GD1835@stro.at>
Sender: maximilian attems <max@stro.at>

current selinux suffers severe performance problems,
the developers are working on this for post 2.6.8.

--
maks
kernel janitor  	http://janitor.kernelnewbies.org/


