From: Stephen Smalley <stephen.smalley.work@gmail.com>
To: Dac Override <dac.override@gmail.com>
Cc: SElinux list <selinux@vger.kernel.org>
Subject: Re: [PATCH] selinux-testsuite: update to work on Debian
Date: Wed, 6 May 2020 16:07:45 -0400 [thread overview]
Message-ID: <CAEjxPJ4Dryp2QFAg0a6xwNzp15HELSy5AcGPb=AzM9y-xzaHYw@mail.gmail.com> (raw)
In-Reply-To: <CAJVWAV3Aq1VQodmLSOr-qV4AFXTz7CPV4fEUuSTqBTHseOFzpw@mail.gmail.com>
On Wed, May 6, 2020 at 4:03 PM Dac Override <dac.override@gmail.com> wrote:
> I think one reboot should be enough but i don't see how you would do
> it without rebooting at all.
> By adding selinux=1 on the kernel boot line you effectively disable
> apparmor (the apparmor service unit has a condition that disables when
> selinux=1 i believe)
> You dont need that selinux-activate script either. The pam config
> should be set up out of the box.
> all that remains it the kernel boot options and relabel AFAIK. The
> boot options can be added without booting by editing /etc/default/grub
> and running update-grub, but relabeling requires a reboot.
>
> Enabling SELinux is actually amazingly simple considering the circumstances.
With installer support for SELinux, it should be possible to specify
SELinux enablement as part of the original install and avoid the need
for a separate step to modify any configurations, relabeling, or
rebooting. Just like Fedora. That said, I don't know if such an
installation option would be accessible via travis-ci configuration
and thus still might not be possible to enable SELinux on a travis-ci
instance unless using your own infrastructure.
next prev parent reply other threads:[~2020-05-06 20:07 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-06 0:53 [PATCH] selinux-testsuite: update to work on Debian Stephen Smalley
2020-05-06 13:44 ` Stephen Smalley
2020-05-06 14:57 ` William Roberts
2020-05-06 15:50 ` Stephen Smalley
2020-05-06 15:54 ` William Roberts
2020-05-06 16:37 ` Russell Coker
2020-05-07 8:35 ` Laurent Bigonville
2020-05-07 12:51 ` Stephen Smalley
2020-05-07 13:13 ` Petr Lautrbach
2020-05-07 13:32 ` Stephen Smalley
2020-05-07 13:41 ` Laurent Bigonville
2020-05-08 3:03 ` Paul Moore
2020-05-13 15:51 ` Stephen Smalley
2020-05-15 16:27 ` William Roberts
2020-05-15 16:41 ` Ondrej Mosnacek
2020-05-15 16:46 ` William Roberts
2020-05-15 17:18 ` Ondrej Mosnacek
2020-05-15 17:24 ` William Roberts
2020-05-07 14:49 ` Russell Coker
2020-05-07 14:54 ` Stephen Smalley
2020-05-07 15:01 ` William Roberts
2020-05-07 15:12 ` Stephen Smalley
2020-05-07 15:22 ` William Roberts
2020-05-12 11:19 ` Petr Lautrbach
[not found] ` <CAJVWAV07O-cQ5EzqYpodjeVRjdtD7ga=bUwEiTm00BaKRMiyFQ@mail.gmail.com>
2020-05-06 19:17 ` Fwd: " Dac Override
2020-05-06 20:07 ` Stephen Smalley [this message]
2020-05-06 19:37 ` Ondrej Mosnacek
2020-05-06 19:57 ` Stephen Smalley
2020-05-06 20:26 ` Stephen Smalley
2020-05-07 8:24 ` Ondrej Mosnacek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAEjxPJ4Dryp2QFAg0a6xwNzp15HELSy5AcGPb=AzM9y-xzaHYw@mail.gmail.com' \
--to=stephen.smalley.work@gmail.com \
--cc=dac.override@gmail.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.