From: debian@mikapflueger.de (Mika =?ISO-8859-1?B?UGZs/Gdlcg==?=) Date: Thu, 19 Sep 2013 14:53:52 +0200 Subject: [refpolicy] Fwd: Debian unstable, SELinux and Iceweasel In-Reply-To: <523AAA38.8020300@ping.de> References: <52384CD9.60604@ping.de> <5239AEFF.6000902@ping.de> <1379533202.16771.17.camel@d30> <523AAA38.8020300@ping.de> Message-ID: <20130919145352.18d7575d@george.anarkia> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hi, Am 19 Sep 2013 09:39:36 +0200 schrieb "Andreas Kuckartz" : > > However, truth be told, selinux policy is never perfect, and > > probably never will be. The nature of integrity is to contain > > processes, but process change over time and so policy configuration > > needs to change along with it. > > Yes, but the packaged policy should work out of the box as long as > only Debian packages are installed without any special configuration > *and* those packages have no security issues. > Yes that is true. Therefore, generally please report bugs in the debian bts (using reportbug for example) against refpolicy for individual issues, attaching avc denials /and a description of what does not work/. You know, if you get an avc denial but everything works then it is still a bug, but only a wishlist bug. There are two catches: 1. We will try, but given our resources, we likely won't be able to fix all bugs. Your help is welcome (-: 2. As dgrift wrote, the policy in debian unstable is very old at the moment. There is probably no point reporting bugs against it, we won't fix them before we get a new version of policy into the archive. Cheers, Mika -- -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20130919/7d907f59/attachment.bin