Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Subscribe to our newsletter

Advertise on LowEndTalk.com

Latest LowEndBox Offers

    Debian 9 "Stretch" Frozen - getting SELinux ?
    New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

    Debian 9 "Stretch" Frozen - getting SELinux ?

    Just spotted on facebook... Debian 9 "Stretch" is getting the (in)famous SE Linux that mostly everyone gets to disable?

    Not much of a CentOS guy here... so have no clue about this but being a Debian fanatic for years what should I be expecting (or worrying) ?

    Comments

    • You've got a good decade before it'll be implemented in Debian- don't worry about it.

      Thanked by 1klikli

      I won't be back until @bsdguy is released.

    • I use it on fedora and it hasn't been a problem. Probably a good thing.

      #lexit spread the word.

    • zeitgeistzeitgeist Member
      edited February 2017

      Debian already "has" SELinux. It's just not as well supported and requires manual installation and much more manual maintenance.

      • apt-get install selinux-basics
      • touch /.autorelabel
      • vim /etc/default/grub and add "selinux=1 security=selinux" to GRUB_CMDLINE_LINUX_DEFAULT
      • reboot

      Also, you may want to compile the upstream refpolicy from scratch. -> https://github.com/TresysTechnology/refpolicy

      Biggest issue yet is with the Debian packages that are not out of the box SELinux ready. There goes the manual work you'd have to do. To answer your original question, there is hope that Debian adds policies out of the box in stretch. -> https://packages.debian.org/stretch/selinux-policy-default

      Thanked by 1vpsGOD
    • mehargagsmehargags Member
      edited February 2017

      What I actually meant was what if Debian 9 gets it "bundled" in the final version, just like systemd?? or not quite likely ?

    • doughmanesdoughmanes Member
      edited February 2017

      There was systemd workarounds

      How to clean up a questionable reputation: throw the kids some BF/CM offers.

    • Has there been a recent upsurge of Debian users demanding SElinux?

      Thanked by 1doughmanes

      For LET support, please visit the interim support desk.

    • raindog308 said: Has there been a recent upsurge of Debian users demanding SElinux?

      Where have you been the last year? There were millions of Debian users on the street 2016, fighting for SELinux!

      Thanked by 2raindog308 WSS

      "Actually, throughout my life, my two greatest assets have been mental stability and being, like, really smart.", Stephen Hawking, 2017. Join the Amitz party here.

    • @Amitz said:

      There were millions of Debian users on the street 2016, fighting for SELinux!

      lol, Every guide I read 3-4 years back for CentOS would actually start with "Disable SELinux" and mentioned it more like an annoyance. Heck, I have it noted in my CentOS install notes too!

      So.. was wondering what/why/when this would make into Debian.

    • Amitz said: Where have you been the last year? There were millions of Debian users on the street 2016, fighting for SELinux!

      Ah...that explains the crowds at the airport and the marching and stuff. I was wondering what was going on.

      Thanked by 2Amitz netomx

      For LET support, please visit the interim support desk.

    • mehargags said: lol, Every guide I read 3-4 years back for CentOS would actually start with "Disable SELinux" and mentioned it more like an annoyance. Heck, I have it noted in my CentOS install notes too!

      :-)

      I may misremember, but I think that "Disable SELinux" is preselected if you install CentOS 7 from an ISO. (Or do I misremember?)

      This is a useful video from Red Hat to watch in one's free time:

      Thanked by 1mehargags

      "Linux will run happily with only 4 MB of RAM, including all of the bells and whistles such as the X Window System, Emacs, and so on." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 32)

    • @mehargags said:

      @Amitz said:

      There were millions of Debian users on the street 2016, fighting for SELinux!

      lol, Every guide I read 3-4 years back for CentOS would actually start with "Disable SELinux" and mentioned it more like an annoyance. Heck, I have it noted in my CentOS install notes too!

      So.. was wondering what/why/when this would make into Debian.

      Laziness mostly, SE-Linux isn't necessarily a bad thing but it does need the policies configuring properly for the applications running on the system

    Sign In or Register to comment.