[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensuse-factory
Subject:    Re: [opensuse-factory] openSUSE to add SELinux Basic Enablement in
From:       Sid Boyce <sboyce () blueyonder ! co ! uk>
Date:       2008-08-20 18:23:57
Message-ID: 48AC613D.4040603 () blueyonder ! co ! uk
[Download RAW message or body]

Andreas Jaeger wrote:
> I just published the following on news.opensuse.org:
>
> We have exciting news for security enthusiasts, experts, and paranoid people!
>
> Beginning with openSUSE 11.1, SUSE users will have an additional option
> regarding security frameworks. In addition to AppArmor, we will be
> adding SELinux capabilities in openSUSE 11.1, which will allow users to
> enable SELinux in openSUSE if they wish.
>
> While our customer experience shows that AppArmor is the best solution
> for the vast majority of users, applications, and use cases, we want to
> give all of our users the ability to choose the security framework
> thatâ € ™s appropriate for their respective environments and needs.
>
> We continue to enable AppArmor as our default Host Intrusion Prevention
> System, and we are supporting it as the default in openSUSE 11.1 and in
> SUSE Linux Enterprise 11.
>
> However we are adding functionality to allow openSUSE 11.1 systems to
> use SELinux instead. In the SUSE Linux Enterprise 11 platform, SELinux
> will also be shipped as a technology preview. This is particularly
> important for organizations that have already standardized on SELinux,
> but could not even test-drive SUSE Linux Enterprise before without major
> work and changes.
>
> What does SELinux basic enablement mean?
>
>      * We will ship the kernel with SELinux support.
>      * We will apply SELinux patches to all â € ścommonâ € ť userland packages.
>      * The libraries required for SELinux (libselinux, libsepol,
>        libsemanage, etc.) will be added to openSUSE and SUSE Linux
>        Enterprise.
>      * However, we are not offering enterprise class support for SELinux
>        at this time; thus we will run QA with SELinux disabled â € “ to make
>        sure that SELinux patches donâ € ™t break the default delivery and the
>        majority of packages.
>        Although we will not be running QA with SELinux enabled, we
>        encourage our testers to run tests with SELinux enabled and report
>        issues and enhancement requests back to us.
>      * We will not be shipping SELinux specific tools as part of the
>        default distribution delivery. However, the packages (such as
>        checkpolicy, policycoreutils, selinux-doc) will be available
>        through the openSUSE and SUSE Linux Enterprise repositories.
>      * We will not be shipping any SELinux policies in the
>        distribution. (Reference and maybe minimal policies will be
>        available from the repositories.)
>
> By enabling SELinux in our upcoming codebase, we add missing pieces of
> code that exist in the community already, and we allow those who wish to
> use SELinux to do so conveniently without having to replace a big chunk
> of the distribution.
>
> Questions about SELinux enablement should be discussed on the
> opensuse-factory mailing list.
>
> Andreas

Good move as far as I am concerned. I've played with SELinux on openSUSE 
using vanilla kernels which don't play well with apparmor.
Regards
Sid.

-- 
Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot
Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support 
Specialist, Cricket Coach
Microsoft Windows Free Zone - Linux used for all Computing Tasks



---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-factory+help@opensuse.org

[prev in list] [next in list] [prev in thread] [next in thread]