On 30 Sep 2013 15:05:51 +0200, [email protected] wrote:

> I very likely will not be able to do anything before 0:00 tonight :-(
>
> Would be good if someone (you?) could propose that. Now is the time
> to improve security.

I've no time to do this ATM.

> Ideally it should be possible to run a standard Jessie Installation
> in enforcing mode. Is that a realistic release goal?

I would call this an ambitious plan. I think we should do our best to allow the users to be able to enable selinux on their machine without too much hassle.

I see three paths here:

- Improve the policy, this is currently being worked out with upstream.
- As said, be sure that when an init/maintainer script is creating a file/directory the label on disk is properly (re)set.
- Be sure that selinux-aware applications (I'm thinking about libvirt here) have selinux support enabled and that it's working properly.

Cheers

Laurent Bigonville
