

Security-Enhanced Linux (SELinux) is a project to implement mandatory access control under Linux. This project was initially developed by the National Security Agency (NSA), as a reference implementation.

For more information, please read the NSA SELinux website and a paper on why mandatory access controls are a good, and likely necessary, thing.

Debian SELinux support

The Debian packaged Linux kernels have had SELinux support compiled in (but disabled by default) since version 2.6.9. See the instructions on the Setup page.

The SELinux support is in constant flux, so it is generally recommended that you use an up-to-date installation of unstable if you want to experiment with SELinux (for instance, the Debian packaged Linux kernels did not include "audit" support until version 2.6.13).

In addition to kernel modifications, several user-space applications need to be modified to support SELinux properly. Patched versions of these should be in Debian unstable & testing by now.

Non-Linux Platforms

Please note that SELinux is a Linux-specific feature and Debian packages shouldn't assume it is present (unless they're Linux-specific packages for some reason). Remember to check whether this is a Linux platform by using dpkg-architecture variables in debian/rules, and conditionalise the libselinux Build-Dependency using [] tags. Something like [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386] should be fine.
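As an added illustration (not taken from any Debian package), a debian/rules fragment that makes this check, with the matching Build-Depends line shown as a comment. The --enable-selinux and --disable-selinux configure switches are assumptions about a hypothetical upstream build system, as is the use of debhelper.

```make
#!/usr/bin/make -f
# debian/rules fragment (added example; the configure switches are hypothetical)
#
# Matching debian/control line, using the restriction list from the text above:
#   Build-Depends: debhelper, libselinux1-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386]

# Ask dpkg-architecture for the host kernel: "linux" on Linux ports,
# "kfreebsd" or "hurd" on the non-Linux ones.
DEB_HOST_ARCH_OS ?= $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)

ifeq ($(DEB_HOST_ARCH_OS),linux)
  # libselinux1-dev was pulled in by the Build-Depends line above.
  SELINUX_FLAGS := --enable-selinux
else
  # libselinux is not available here: build without it instead of failing.
  SELINUX_FLAGS := --disable-selinux
endif

%:
	dh $@

# Pass the per-platform choice through to the upstream configure script.
override_dh_auto_configure:
	dh_auto_configure -- $(SELINUX_FLAGS)
```

Keeping the Build-Depends restriction and the debian/rules test in agreement matters: if the control file skips libselinux1-dev on a port but the rules file still enables SELinux there, the build fails on that port only.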

Mailing lists

There are mailing lists about SELinux support in Debian for both user support and development hosted on alioth. Use the SELinux lists overview to subscribe to the lists or browse the archives.

The selinux-bugs and selinux-announce lists are currently not being used.



ToDo: rewrite this page to focus on the current situation, and how Lenny actually supports SELinux.