[DSE-Dev] Debian SELinux future?
david at hardeman.nu
Tue Jul 15 19:56:10 UTC 2008
The upload of selinux-policy-default seems to have finally done the long
promised merge of targeted and strict policies and contains a much newer
policy overall. However, the current status of the selinux policy raises
a lot of questions (for me at least):

First, some minor bugs that I've discovered so far:
o alsa.pp was not loaded automatically
o networkmanager.pp was not loaded automatically (probably since the
debian package is called network-manager)
o ntp.pp was not loaded automatically (I only have ntpdate installed but
it also needs ntp.pp)
o the file contexts for alsa.pp were incorrect, many alsa programs are
under /usr/sbin, not /sbin.
o a few other bits and pieces (like vbetool needing permission to write
vbestate under the /var hierarchy).

I see that Václav Ovsík and Martin Orr have posted a lot of patches;
what is the status of merging those patches?

Also, the Debian diff seems huge compared to the upstream policy, and
the Red Hat diff seems even larger. Are there any efforts underway to
merge everything (that makes sense at least) upstream?

And finally, is there a current repo for the debian policy package to
create diffs against? Browsing the list there seems to be git repos,
arch repos, alioth repos, etc., but which repo is the current one for the
packages that Russell uploaded?