[lug] Re: SELinux
Bear Giles
bgiles at coyotesong.com
Sun Mar 12 16:52:54 MST 2006
Kevin Fenzi wrote:
>David> Fortunately whatever
>David> Debian is doing with it hasn't broken anything.
>
>I'm not a Debian developer, but I think what they are doing with
>selinux is not much. It's not enabled or setup at all as far as I
>know. (I'd love to hear diffrently).
>
>
I haven't had a chance to play with it on either my desktop or NSLU2
embedded device, but in a nutshell there's a kernel patch (which is
usually pretty painless in Debian) and packages for both the basic
functionality and creating/testing your own policies.
I've also looked at the docs for SE-ified system calls. It doesn't look
too painful. You would normally just use the regular libraries and let
the kernel do it's stuff, but it opens the door to your own SE-aware
applications.
Bear
More information about the LUG
mailing list