Hi!

Manoj Srivastava [2004-11-05 1:39 -0600]:
> I would once again like to bring up the possibility of
> compiling in support for SELinux in 2.6.9+ kernels, but leaving them
> disabled by default at boot time.
> [...]
> I think this would be really helpful to our users, since then
> they can choose to try out SELinux by just adding a stanza to grub or
> lilo -- try things out in non-enforcing mode, for instance.

I fully support this, however, SELinux seems to be a quite intrusive story. As opposed to grsecurity/LIDS/RSBAC/etc., I think it needs a bunch of patched system packages to work properly. I did not thoroughly check this recently, but I don't think that all patches went in the default distribution already. Just look at #227972, an outstanding RC bug with no reply, open for nearly 300 days now.

So in addition to providing kernel support, it would be great to also ship the necessary user space stuff in Debian proper. Then we could label ourselves as "SELinux support out of the box", which would be really a good asset. :-)

Have a nice day,

Martin

--
Martin Pitt                      http://www.piware.de
Ubuntu Developer                 http://www.ubuntulinux.org
Debian GNU/Linux Developer       http://www.debian.org