Debian SELinux Status

Introduction

In order to run ["SELinux"] on Debian, you generally need an up-to-date 2.6 kernel with ["SELinux"] enabled and some patched user-space utilities, most of which should now be available in Debian unstable. This page tries to track the progress of SELinux-enabling Debian.

[http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=selinux;users=selinux-devel@lists.alioth.debian.org Bug reports with SELinux usertag]

Open Issues

||Package||Ver||Bug no||Comment||
||[http://packages.debian.org/exim4 exim4]||N/A||[http://bugs.debian.org/387327 #387328]||Exim needs a SELinux policy written - you have to use postfix or sendmail for now||
||[http://packages.debian.org/sysvinit sysvinit]||N/A||[http://bugs.debian.org/330592 #330592]||init crashes when selinux is enabled, /selinux exists but it can't load a policy||
||[http://packages.debian.org/cron cron]||N/A||[http://bugs.debian.org/333837 #333837]||/etc/cron.daily/standard tries to backup gshadow, shadow||
||[http://packages.debian.org/selinux-policy-default selinux-policy]||N/A||None||Policy packaging needs to be redone. Installed packages should be identified and appropriate policy files chosen automatically instead of asking a myriad of questions||
||general||N/A||None||Add more documentation e.g. on how to set booleans in Debian SELinux (partly upstream issue)||

Resolved Issues

||Package||Ver||Bug no||Comment||
||[http://packages.debian.org/python-support python-support]||N/A||None||SELinux policy for python support needs to be written||
||[http://packages.debian.org/amavisd-new amavisd-new]||1:2.4.2-1||[http://bugs.debian.org/381243 #381243]||Cron job doesn't work, needs to be made a separate script + policy changes||
||[http://packages.debian.org/ntp-server ntp-server]||1:4.2.2+dfsg.2-1||[http://bugs.debian.org/340781 #340781]||ntp cronjob tries to rotate ntp statistics, needs policy modification or use logrotate||
||[http://packages.debian.org/initscripts initscripts]||2.86.ds1-11||[http://bugs.debian.org/333836 #333836]||/etc/init.d/mountvirtfs and /etc/init.d/checkroot.sh try to touch filesystems to check writeability||
||[http://packages.debian.org/src:linux-2.6 linux-2.6]||2.6.14-3||[http://bugs.debian.org/338543 #338543]||Kernel package 2.6.14-2 lacks socket auditing||
||[http://packages.debian.org/src:linux-2.6 linux-2.6]||2.6.9||None||Enable SELinux in kernel||
||[http://packages.debian.org/dpkg dpkg]||1.13.9||[http://bugs.debian.org/249496 249496], [http://bugs.debian.org/314886 314886]||Enable SELinux in dpkg||
||[http://packages.debian.org/ssh ssh]||4.1p1-4||[http://bugs.debian.org/308555 308555]||Enable SELinux in ssh||
||[http://packages.debian.org/logrotate logrotate]||3.7.1-1||[http://bugs.debian.org/315514 315514]||Enable SELinux in logrotate||
||[http://packages.debian.org/devmapper devmapper]||2:1.01.04-2||[http://bugs.debian.org/315473 315473]||Enable SELinux in devmapper||
||[http://packages.debian.org/lvm2 lvm2]||2.01.14-1||[http://bugs.debian.org/315505 315505]||Enable SELinux in lvm2||
||[http://packages.debian.org/cron cron]||3.0p11-88||[http://bugs.debian.org/315509 315509]||Enable SELinux in cron||
||[http://packages.debian.org/sysvinit sysvinit]||2.86.ds1-2||[http://bugs.debian.org/315611 315611], [http://bugs.debian.org/242900 242900], [http://bugs.debian.org/249515 249515]||Enable SELinux in sysvinit||
||[http://packages.debian.org/libpam0g libpam0g]||0.79-1||[http://bugs.debian.org/284954 284954]||Enable SELinux in PAM||
||[http://packages.debian.org/coreutils coreutils]||5.93-1||[http://bugs.debian.org/312426 312426]||Enable SELinux in coreutils||
||[http://packages.debian.org/src:linux-2.6 linux-2.6]||2.6.13||[http://bugs.debian.org/333834 333834]||Enable SELinux auditing in kernel to allow debugging/tweaking/enhancing||

Additional Information

For some of the userspace tools, there are "unofficial" packages available [http://www.coker.com.au/selinux/ here] and [http://www.golden-gryphon.com/software/security/selinux.xhtml here]. These should no longer be necessary but might contain bugfixes which are not yet in the official repository.

For more information, see the ["SELinux"] page.