Monday, June 29, 2009

SELinux on openSUSE 11.2, what will be?

The next openSUSE version is in the queue, milestone 3 of 11.2 was already released during LinuxTag last week.

We are trying to make 11.2 more SELinux-enabled than before. If you watch the security:SELinux (account needed) repository, you may have noticed some changes during the last few days. What we have changed so far:

  • mkinitrd (Base:System): needs a little patch to mount /proc of the root filesystem to make the SELinux functions in init happy
  • selinux-policy (security:SELinux): a new package that contains some sample policies as well as a config file (/etc/selinux/config)
  • libselinux (security:SELinux): now includes a script named selinux-ready that verifies whether your system's configuration is suitable for running SELinux and gives you hints for solving possible hurdles

So far it is still necessary to install the packages, add the boot parameters (selinux=1 enforcing=0), and create the directory /selinux (we don't want to ship this dir in a package - FHS).
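The manual steps above can be verified with a short shell check. This is an added example, not the selinux-ready script from libselinux or any openSUSE code; the function names and the ROOT and CMDLINE parameters are assumptions made so the check can also be pointed at a test tree.

```shell
#!/bin/sh
# Added example: checks the manual prerequisites named in the post
# (the /selinux directory, /etc/selinux/config, the two boot parameters).
# Function names and parameters are hypothetical, not part of any package.

# has_boot_param FILE PARAM
# True if PARAM appears as a whole word on the kernel command line in FILE,
# so "noselinux=1" does not count as "selinux=1".
has_boot_param() {
    [ -r "$1" ] || return 1
    tr -s '[:space:]' '\n' < "$1" | grep -qxF -- "$2"
}

# check_selinux_prereqs [ROOT] [CMDLINE]
# ROOT defaults to /, CMDLINE to /proc/cmdline.
# Prints one line per missing item; the exit status is the number missing.
check_selinux_prereqs() {
    root=${1:-/}
    cmdline=${2:-/proc/cmdline}
    missing=0

    if [ ! -d "${root%/}/selinux" ]; then
        echo "missing: directory ${root%/}/selinux (create it by hand)"
        missing=$((missing + 1))
    fi

    if [ ! -f "${root%/}/etc/selinux/config" ]; then
        echo "missing: ${root%/}/etc/selinux/config (from selinux-policy)"
        missing=$((missing + 1))
    fi

    # selinux=1 turns SELinux on at boot, enforcing=0 keeps it permissive.
    for param in selinux=1 enforcing=0; do
        if ! has_boot_param "$cmdline" "$param"; then
            echo "missing: boot parameter $param"
            missing=$((missing + 1))
        fi
    done

    [ "$missing" -eq 0 ] && echo "all prerequisites from the post are present"
    return "$missing"
}
```

Source the file and call `check_selinux_prereqs` with no arguments to check the running system.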

What is on our TODO list:

  • I hope we can add a yast-module to 11.2 to enable SELinux by one or two clicks
  • everything else that is needed to enable basic SELinux support (looking at F11 ATM)
  • we will not provide a policy or enable SELinux by default for now, but hopefully later

Volunteers are welcome. openSUSE:Factory is open now! :-)

