Debian SELinux Status
Introduction
To run ["SELinux"] on Debian, you generally need an up-to-date 2.6 kernel with ["SELinux"] enabled and some patched user-space utilities, most of which should now be available in Debian unstable. This page tries to track the progress of SELinux-enabling Debian.
[http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=selinux;users=selinux-devel@lists.alioth.debian.org Bug reports with SELinux usertag]
Open Issues
||Package||Ver||Bug no||Comment||
||[http://packages.debian.org/exim4 exim4]||N/A||[http://bugs.debian.org/387327 #387328]||Exim needs a SELinux policy written - you have to use postfix or sendmail for now||
||[http://packages.debian.org/sysvinit sysvinit]||N/A||[http://bugs.debian.org/330592 #330592]||init crashes when selinux is enabled, /selinux exists but it can't load a policy||
|| ||N/A||[http://bugs.debian.org/333837 #333837]||/etc/cron.daily/standard tries to back up gshadow, shadow||
||[http://packages.debian.org/selinux-policy-default selinux-policy]||N/A||None||Policy packaging needs to be redone. Installed packages should be identified and appropriate policy files chosen automatically instead of asking a myriad of questions||
||general||N/A||None||Add more documentation e.g. on how to set booleans in Debian SELinux (partly upstream issue)||
Resolved Issues
||Package||Ver||Bug no||Comment||
||[http://packages.debian.org/python-support python-support]||N/A||None||SELinux policy for python support needs to be written||
||[http://packages.debian.org/amavisd-new amavisd-new]||1:2.4.2-1||[http://bugs.debian.org/381243 #381243]||Cron job doesn't work, needs to be made a separate script + policy changes||
||[http://packages.debian.org/ntp-server ntp-server]||1:4.2.2+dfsg.2-1||[http://bugs.debian.org/340781 #340781]||ntp cronjob tries to rotate ntp statistics, needs policy modification or use logrotate||
||[http://packages.debian.org/initscripts initscripts]||2.86.ds1-11||[http://bugs.debian.org/333836 #333836]||/etc/init.d/mountvirtfs and /etc/init.d/checkroot.sh try to touch filesystems to check writeability||
||[http://packages.debian.org/src:linux-2.6 linux-2.6]||2.6.14-3||[http://bugs.debian.org/338543 #338543]||Kernel package 2.6.14-2 lacks socket auditing||
||[http://packages.debian.org/src:linux-2.6 linux-2.6]||2.6.9||None||Enable SELinux in kernel||
|| ||1.13.9||[http://bugs.debian.org/249496 249496], [http://bugs.debian.org/314886 314886]||Enable SELinux in dpkg||
|| ||4.1p1-4||[http://bugs.debian.org/308555 308555]||Enable SELinux in ssh||
||[http://packages.debian.org/logrotate logrotate]||3.7.1-1||[http://bugs.debian.org/315514 315514]||Enable SELinux in logrotate||
||[http://packages.debian.org/devmapper devmapper]||2:1.01.04-2||[http://bugs.debian.org/315473 315473]||Enable SELinux in devmapper||
|| ||2.01.14-1||[http://bugs.debian.org/315505 315505]||Enable SELinux in lvm2||
|| ||3.0p11-88||[http://bugs.debian.org/315509 315509]||Enable SELinux in cron||
||[http://packages.debian.org/sysvinit sysvinit]||2.86.ds1-2||[http://bugs.debian.org/315611 315611], [http://bugs.debian.org/242900 242900], [http://bugs.debian.org/249515 249515]||Enable SELinux in sysvinit||
||[http://packages.debian.org/libpam0g libpam0g]||0.79-1||[http://bugs.debian.org/284954 284954]||Enable SELinux in PAM||
||[http://packages.debian.org/coreutils coreutils]||5.93-1||[http://bugs.debian.org/312426 312426]||Enable SELinux in coreutils||
||[http://packages.debian.org/src:linux-2.6 linux-2.6]||2.6.13||[http://bugs.debian.org/333834 333834]||Enable SELinux auditing in kernel to allow debugging/tweaking/enhancing||
Additional Information
For some of the userspace tools, there are "unofficial" packages available [http://www.coker.com.au/selinux/ here] and [http://www.golden-gryphon.com/software/security/selinux.xhtml here]. These should no longer be necessary, but they might contain bugfixes which are not yet in the official repository.
For more information, see the ["SELinux"] page.