[lug] Re: SELinux

Bear Giles bgiles at coyotesong.com
Sun Mar 12 16:52:54 MST 2006


Kevin Fenzi wrote:

>David> Fortunately whatever
>David> Debian is doing with it hasn't broken anything.
>
>I'm not a Debian developer, but I think what they are doing with
>selinux is not much. It's not enabled or setup at all as far as I
>know. (I'd love to hear diffrently). 
>  
>
I haven't had a chance to play with it on either my desktop or NSLU2 
embedded device, but in a nutshell there's a kernel patch (which is 
usually pretty painless in Debian) and packages for both the basic 
functionality and creating/testing your own policies.

I've also looked at the docs for SE-ified system calls.  It doesn't look 
too painful.  You would normally just use the regular libraries and let 
the kernel do it's stuff, but it opens the door to your own SE-aware 
applications.

Bear



More information about the LUG mailing list