Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Debian 9 "Stretch" Frozen - getting SELinux ?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Debian 9 "Stretch" Frozen - getting SELinux ?

Just spotted on facebook... Debian 9 "Stretch" is getting the (in)famous SE Linux that mostly everyone gets to disable?

Not much of a CentOS guy here... so have no clue about this but being a Debian fanatic for years what should I be expecting (or worrying) ?

Comments

  • You've got a good decade before it'll be implemented in Debian- don't worry about it.

    Thanked by 1klikli
  • I use it on fedora and it hasn't been a problem. Probably a good thing.

  • zeitgeistzeitgeist Member
    edited February 2017

    Debian already "has" SELinux. It's just not as well supported and requires manual installation and much more manual maintenance.

    • apt-get install selinux-basics
    • touch /.autorelabel
    • vim /etc/default/grub and add "selinux=1 security=selinux" to GRUB_CMDLINE_LINUX_DEFAULT
    • reboot

    Also, you may want to compile the upstream refpolicy from scratch. -> https://github.com/TresysTechnology/refpolicy

    Biggest issue yet is with the Debian packages that are not out of the box SELinux ready. There goes the manual work you'd have to do. To answer your original question, there is hope that Debian adds policies out of the box in stretch. -> https://packages.debian.org/stretch/selinux-policy-default

    Thanked by 1vpsGOD
  • mehargagsmehargags Member
    edited February 2017

    What I actually meant was what if Debian 9 gets it "bundled" in the final version, just like systemd?? or not quite likely ?

  • doughmanesdoughmanes Member
    edited February 2017

    There was systemd workarounds

  • raindog308raindog308 Administrator, Veteran

    Has there been a recent upsurge of Debian users demanding SElinux?

    Thanked by 1doughmanes
  • raindog308 said: Has there been a recent upsurge of Debian users demanding SElinux?

    Where have you been the last year? There were millions of Debian users on the street 2016, fighting for SELinux!

    Thanked by 2raindog308 WSS
  • @Amitz said:

    There were millions of Debian users on the street 2016, fighting for SELinux!

    lol, Every guide I read 3-4 years back for CentOS would actually start with "Disable SELinux" and mentioned it more like an annoyance. Heck, I have it noted in my CentOS install notes too!

    So.. was wondering what/why/when this would make into Debian.

  • raindog308raindog308 Administrator, Veteran

    Amitz said: Where have you been the last year? There were millions of Debian users on the street 2016, fighting for SELinux!

    Ah...that explains the crowds at the airport and the marching and stuff. I was wondering what was going on.

    Thanked by 2Amitz netomx
  • mehargags said: lol, Every guide I read 3-4 years back for CentOS would actually start with "Disable SELinux" and mentioned it more like an annoyance. Heck, I have it noted in my CentOS install notes too!

    :-)

    I may misremember, but I think that "Disable SELinux" is preselected if you install CentOS 7 from an ISO. (Or do I misremember?)

    This is a useful video from Red Hat to watch in one's free time:

    Thanked by 1mehargags
  • @mehargags said:

    @Amitz said:

    There were millions of Debian users on the street 2016, fighting for SELinux!

    lol, Every guide I read 3-4 years back for CentOS would actually start with "Disable SELinux" and mentioned it more like an annoyance. Heck, I have it noted in my CentOS install notes too!

    So.. was wondering what/why/when this would make into Debian.

    Laziness mostly, SE-Linux isn't necessarily a bad thing but it does need the policies configuring properly for the applications running on the system

Sign In or Register to comment.