SELinux support for Debian Live - Feedback welcomed
1) I just wanted to share with you that I have finally managed to add
SELinux support for Debian Live.
The current SELinux packages in Debian are a bit buggy. You even need
to use packages from Debian sid in order to make it work. That's why I'm
not going to push this into Debian Live next branch till all the needed
packages are in Debian Jessie.
2) Is there anyone interested in SELinux being part of Debian Live?
I need your feedback on knowing if you want enforced mode by default or
if permissive is fine. Anything about default policy type.
3) Needed live-build upgrades can be found at:
* Repo: https://github.com/adrian15/live-build/
* Tag: rescatux-0.40b1
* Commit: 42a8f50690be1153285dc8841ec532ac2281e27d
What it's missing from the implementation is:
* Choosing to enable it or not (It's enabled by default)
* Choose between permissive or enforce mode at boot
* Ensure the kernel command line parametres are the right ones for
selinux (I do it on the Rescatux (My Debian Live distro) side.)
* Ensure minimal SELinux packages are installed on chroot. Not sure if
live-build it's the place where to force these package installations by
the way.
If you are interested on the other side of the implementation in
Rescatux take a look at:
* Repo: http://sourceforge.net/p/rescatux/git/
* Tag: v0.40b1
* Commits:
** 9f74111d7c5222a739054af1900784481f6496c3
** 7b9c95246d56fc539ad2e0cb899e83b7fe2c7518
** 3237938e62e37c62cd03575e5be0c349e3d923e5
** 4318f18b61901d898ca24734f578a7846b14dc0d
4) Finally check the Rescatux page (
http://www.supergrubdisk.org/rescatux/ ) . In less than 48 hours I will
be releasing 0.40 beta 1 featuring this SELinux support.
adrian15
--
Support free software. Donate to Super Grub Disk. Apoya el software
libre. Dona a Super Grub Disk. http://www.supergrubdisk.org/donate/
Reply to: