From: debian@mikapflueger.de (Mika =?ISO-8859-1?B?UGZs/Gdlcg==?=)
Date: Thu, 19 Sep 2013 14:53:52 +0200
Subject: [refpolicy] Fwd: Debian unstable, SELinux and Iceweasel
In-Reply-To: <523AAA38.8020300@ping.de>
References: <52384CD9.60604@ping.de> <5239AEFF.6000902@ping.de>
	<1379533202.16771.17.camel@d30> <523AAA38.8020300@ping.de>
Message-ID: <20130919145352.18d7575d@george.anarkia>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi,

Am 19 Sep 2013 09:39:36 +0200
schrieb "Andreas Kuckartz" <a.kuckartz@ping.de>:
> > However, truth be told, selinux policy is never perfect, and
> > probably never will be. The nature of integrity is to contain
> > processes, but process change over time and so policy configuration
> > needs to change along with it.
> 
> Yes, but the packaged policy should work out of the box as long as
> only Debian packages are installed without any special configuration
> *and* those packages have no security issues.
> 
Yes that is true. Therefore, generally please report bugs in the
debian bts (using reportbug for example) against refpolicy for
individual issues, attaching avc denials /and a description of what
does not work/. You know, if you get an avc denial but everything works
then it is still a bug, but only a wishlist bug.
There are two catches:
1. We will try, but given our resources, we likely won't be able to fix
all bugs. Your help is welcome (-:
2. As dgrift wrote, the policy in debian unstable is very old at the
moment. There is probably no point reporting bugs against it, we won't
fix them before we get a new version of policy into the archive.

Cheers,

Mika

-- 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20130919/7d907f59/attachment.bin