Debian SELinux Status
Introduction
To run ["SELinux"] on Debian, you generally need an up-to-date 2.6 kernel with ["SELinux"] enabled and some patched user-space utilities, most of which should now be available in Debian unstable. This page tries to track the progress of SELinux-enabling Debian.
Open Issues
|| Package || Bug no || Comment ||
|| [http://packages.debian.org/src:linux-2.6 linux-2.6] || [http://bugs.debian.org/338543 #338543] || Kernel package 2.6.14 lacks socket auditing ||
|| [http://packages.debian.org/sysvinit sysvinit] || [http://bugs.debian.org/330592 #330592] || init crashes when SELinux is enabled and /selinux exists but it can't load a policy ||
|| || [http://bugs.debian.org/333837 #333837] || /etc/cron.daily/standard tries to back up gshadow, shadow ||
|| [http://packages.debian.org/initscripts initscripts] || [http://bugs.debian.org/333836 #333836] || /etc/init.d/mountvirtfs and /etc/init.d/checkroot.sh try to touch filesystems to check writeability ||
|| [http://packages.debian.org/selinux-policy-default selinux-policy] || None || Policy packaging needs to be redone. Installed packages should be identified and appropriate policy files chosen automatically instead of asking a myriad of questions ||
|| || [http://bugs.debian.org/333837 #333837] || /etc/cron.daily/standard tries to back up gshadow, shadow ||
|| general || None || Add more documentation, e.g. on how to set booleans in Debian SELinux (partly upstream issue) ||
Closed Issues
|| Package || Ver || Bug no || Description ||
|| [http://packages.debian.org/src:linux-2.6 linux-2.6] || 2.6.9 || None || Enable SELinux in kernel ||
|| || 1.13.9 || [http://bugs.debian.org/249496 249496], [http://bugs.debian.org/314886 314886] || Enable SELinux in dpkg ||
|| || 4.1p1-4 || [http://bugs.debian.org/308555 308555] || Enable SELinux in ssh ||
|| [http://packages.debian.org/logrotate logrotate] || 3.7.1-1 || [http://bugs.debian.org/315514 315514] || Enable SELinux in logrotate ||
|| [http://packages.debian.org/devmapper devmapper] || 2:1.01.04-2 || [http://bugs.debian.org/315473 315473] || Enable SELinux in devmapper ||
|| || 2.01.14-1 || [http://bugs.debian.org/315505 315505] || Enable SELinux in lvm2 ||
|| || 3.0p11-88 || [http://bugs.debian.org/315509 315509] || Enable SELinux in cron ||
|| [http://packages.debian.org/sysvinit sysvinit] || 2.86.ds1-2 || [http://bugs.debian.org/315611 315611] (also [http://bugs.debian.org/242900 242900] and [http://bugs.debian.org/249515 249515]) || Enable SELinux in sysvinit ||
|| [http://packages.debian.org/libpam0g libpam0g] || 0.79-1 || [http://bugs.debian.org/284954 284954] || Enable SELinux in PAM ||
|| [http://packages.debian.org/coreutils coreutils] || 5.93-1 || [http://bugs.debian.org/312426 312426] || Enable SELinux in coreutils ||
|| [http://packages.debian.org/src:linux-2.6 linux-2.6] || 2.6.13 || [http://bugs.debian.org/333834 333834] || Enable SELinux auditing in kernel to allow debugging/tweaking/enhancing ||
Additional Information
For some of the userspace tools, there are "unofficial" packages available [http://www.coker.com.au/selinux/ here] and [http://www.golden-gryphon.com/software/security/selinux.xhtml here]. These should no longer be necessary but might contain bugfixes which are not yet in the official repository.
For more information, see the ["SELinux"] page.