New or Old SELinux

New or Old SELinux

[Martin Sarsale]

[-- Attachment #1: Type: text/plain, Size: 343 bytes --]

Dear All: 
Im trying to install SELinux on a debian stable box. 

I would like to stay in stable but I couldn't find any of the New
SELinux (coreutils, procps, etc) enabled packages for deb stable, so I
guess I'll have to stick with the old SELinux (on kernels 2.4.x).

How old is the old SELinux? Is it insecure?

Thanks in advance

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: New or Old SELinux

[Russell Coker]

On Wed, 28 Jul 2004 05:04, Martin Sarsale <martin@emepe3.net> wrote:
> Im trying to install SELinux on a debian stable box.
>
> I would like to stay in stable but I couldn't find any of the New
> SELinux (coreutils, procps, etc) enabled packages for deb stable, so I
> guess I'll have to stick with the old SELinux (on kernels 2.4.x).
>
> How old is the old SELinux? Is it insecure?

The old SE Linux is quite old, but has no security problems.  There are no 
patches for recent kernels, and the recent kernels fix some security issues, 
so you will have to find back-ports of all the kernel patches in question.

Sarge is about to be frozen, maybe it's best to wait for the Sarge freeze and 
use it.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: New or Old SELinux

[Milan P. Stanic]

On Tue, Jul 27, 2004 at 04:04:05PM -0300, Martin Sarsale wrote:
> I would like to stay in stable but I couldn't find any of the New
> SELinux (coreutils, procps, etc) enabled packages for deb stable, so I
> guess I'll have to stick with the old SELinux (on kernels 2.4.x).

Which kernel version you have on stable, 2.4 or 2.6?

I have backport (it is far from perfect, but it works) for woody with
2.6 kernels at http://www.rns-nis.co.yu/~mps/
It is few months old, though.

Backporting SE Linux utilities and libraries isn't hard at all,
thanks to the excellent work of the Debian maintainer.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: New or Old SELinux

[Russell Coker]

On Wed, 28 Jul 2004 19:46, "Milan P. Stanic" <mps@rns-nis.co.yu> wrote:
> On Tue, Jul 27, 2004 at 04:04:05PM -0300, Martin Sarsale wrote:
> > I would like to stay in stable but I couldn't find any of the New
> > SELinux (coreutils, procps, etc) enabled packages for deb stable, so I
> > guess I'll have to stick with the old SELinux (on kernels 2.4.x).
>
> Which kernel version you have on stable, 2.4 or 2.6?
>
> I have backport (it is far from perfect, but it works) for woody with
> 2.6 kernels at http://www.rns-nis.co.yu/~mps/
> It is few months old, though.

It might be better if you use the backports.org repository if you are going to 
develop packages to share with others.

> Backporting SE Linux utilities and libraries isn't hard at all,
> thanks to the excellent work of the Debian maintainer.

If you could maintain a back-port repository then that would be really good!

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: New or Old SELinux

[Martin Sarsale]

[-- Attachment #1: Type: text/plain, Size: 199 bytes --]

> Sarge is about to be frozen, maybe it's best to wait for the Sarge freeze and 
> use it.
that's what Im going to do.
In the meanwhile I'll play on an unstable machine.

Thanks for everything

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]