Debian SELinux Status

Introduction

To run ["SELinux"] on Debian, you generally need an up-to-date 2.6 kernel with ["SELinux"] enabled and some patched user-space utilities, most of which should now be available in Debian unstable. This page tries to track the progress of SELinux-enabling Debian.

Open Issues

|| Package || Bug no || Comment ||
|| [http://packages.debian.org/src:linux-2.6 linux-2.6] || [http://bugs.debian.org/338543 #338543] || Kernel package 2.6.14 lacks socket auditing ||
|| [http://packages.debian.org/sysvinit sysvinit] || [http://bugs.debian.org/330592 #330592] || init crashes when selinux is enabled, /selinux exists but it can't load a policy ||
|| [http://packages.debian.org/cron cron] || [http://bugs.debian.org/333837 #333837] || /etc/cron.daily/standard tries to backup gshadow, shadow ||
|| [http://packages.debian.org/initscripts initscripts] || [http://bugs.debian.org/333836 #333836] || /etc/init.d/mountvirtfs and /etc/init.d/checkroot.sh try to touch filesystems to check writeability ||
|| [http://packages.debian.org/selinux-policy-default selinux-policy] || None || Policy packaging needs to be redone. Installed packages should be identified and appropriate policy files chosen automatically instead of asking a myriad of questions ||
|| general || None || Add more documentation e.g. on how to set booleans in Debian SELinux (partly upstream issue) ||

Closed Issues

|| Package || Ver || Bug no || Description ||
|| [http://packages.debian.org/src:linux-2.6 linux-2.6] || 2.6.9 || None || Enable SELinux in kernel ||
|| [http://packages.debian.org/dpkg dpkg] || 1.13.9 || [http://bugs.debian.org/249496 249496], [http://bugs.debian.org/314886 314886] || Enable SELinux in dpkg ||
|| [http://packages.debian.org/ssh ssh] || 4.1p1-4 || [http://bugs.debian.org/308555 308555] || Enable SELinux in ssh ||
|| [http://packages.debian.org/logrotate logrotate] || 3.7.1-1 || [http://bugs.debian.org/315514 315514] || Enable SELinux in logrotate ||
|| [http://packages.debian.org/devmapper devmapper] || 2:1.01.04-2 || [http://bugs.debian.org/315473 315473] || Enable SELinux in devmapper ||
|| [http://packages.debian.org/lvm2 lvm2] || 2.01.14-1 || [http://bugs.debian.org/315505 315505] || Enable SELinux in lvm2 ||
|| [http://packages.debian.org/cron cron] || 3.0p11-88 || [http://bugs.debian.org/315509 315509] || Enable SELinux in cron ||
|| [http://packages.debian.org/sysvinit sysvinit] || 2.86.ds1-2 || [http://bugs.debian.org/315611 315611] (also [http://bugs.debian.org/242900 242900] and [http://bugs.debian.org/249515 249515]) || Enable SELinux in sysvinit ||
|| [http://packages.debian.org/libpam0g libpam0g] || 0.79-1 || [http://bugs.debian.org/284954 284954] || Enable SELinux in PAM ||
|| [http://packages.debian.org/coreutils coreutils] || 5.93-1 || [http://bugs.debian.org/312426 312426] || Enable SELinux in coreutils ||
|| [http://packages.debian.org/src:linux-2.6 linux-2.6] || 2.6.13 || [http://bugs.debian.org/333834 333834] || Enable SELinux auditing in kernel to allow debugging/tweaking/enhancing ||

Additional Information

For some of the userspace tools, there are "unofficial" packages available [http://www.coker.com.au/selinux/ here] and [http://www.golden-gryphon.com/software/security/selinux.xhtml here]. These should no longer be necessary but might contain bugfixes which are not yet in the official repository.

For more information, see the ["SELinux"] page.