On Fri, Oct 06, 2006 at 05:35:32PM -0500, Manoj Srivastava wrote:
> As shipped, the Debian kernel images have SELinux compiled in,
> but disabled, a command line parameter is required to turn SELinux
> on. When SELinux is turned on (by enabling it in grub), the default
> policy settings are that the machine would come on in permissive mode,
> using the targeted policy; so the worst case scenario is that
> there would be lots of log messages if someone "accidentally" turned
> on SELinux.
>
> I think we are ready. And shipping SELinux by default would
> be a positive thing, in these days of accelerating attacks :)

Just a heads up... this won't be making it into etch, but Xorg upstream just integrated a new security infrastructure into the X server which is designed to handle, among other things, SELinux policies. The feature is named 'XACE' and will ship with 7.2. We'll be shipping 7.1 with etch, but this is something we should exploit when 7.2 hits unstable.

 - David "I know nothing about SELinux" Nusinow