On Mon, 2019-08-12 at 11:26 +0200, Neal Gompa wrote:
Hey all,
One of the things that has been bothering me for a couple of years now is how broken the SELinux stack in openSUSE has been. I know that the SUSE distributions have supported AppArmor and SELinux with AppArmor as the default, but I was surprised to see how easy it was to break my system using the SELinux policy that openSUSE ships.
To that end, I've started engaging with the upstream for Fedora's SELinux policy on getting the pieces in place for it to work on openSUSE. I've started work on porting the selinux-policy used in Fedora to openSUSE and collecting the delta of things to send upstream. Upstream was quite excited to hear about getting the policy in openSUSE and has been willing to help me in doing so.
The good news is my local tests indicate that the system works quite a bit better as it is with selinux-policy from there. The bad news at the moment is that it's still not quite where I want it to be. I hope to get some initial work uploaded into OBS soon and proceed from there.
If anyone is interested in assisting with this, let me know. I'd greatly appreciate help from the existing SELinux stack maintainers and anyone else interested in having working SELinux on openSUSE.
Best regards, Neal
Hi Neal, I think this is an awesome idea. I feel openSUSE really needs better SELinux support and I'd like to see SUSE as well as folks like you in the openSUSE community really driving this forward. Regards, -- Richard Brown Linux Distribution Engineer - Future Technology Team Chairman - openSUSE Phone +4991174053-361 SUSE Linux GmbH, Maxfeldstr. 5, D-90409 Nuernberg GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org