Como configurar as recentes políticas SELinux estáveis no Debian 8.7?

3

Estou seguindo a etapa 12 do guia aqui , mas não encontrei nenhuma política recente e estável, apenas "velhas" coisas lá e instável. Código e saída

masi@masi:~$ apt search SELinux | grep selinux

WARNING: apt does not have a stable CLI interface yet. Use with caution in scripts.

android-libselinux/unstable 7.0.0+r1-2 amd64
android-libselinux-dev/unstable 7.0.0+r1-2 amd64
libselinux1/oldstable,oldstable,now 2.3-2 amd64 [installed]
libselinux1-dev/oldstable,oldstable 2.3-2 amd64
python-selinux/oldstable,oldstable 2.3-2 amd64
python3-selinux/unstable 2.6-3+b1 amd64
ruby-selinux/oldstable,oldstable 2.3-2 amd64
selinux-basics/oldstable,oldstable 0.5.2 all
selinux-policy-default/unstable 2:2.20161023.1-9 all
selinux-policy-dev/unstable 2:2.20161023.1-9 all
selinux-policy-doc/unstable 2:2.20161023.1-9 all
selinux-policy-mls/unstable 2:2.20161023.1-9 all
selinux-policy-src/unstable 2:2.20161023.1-9 all
selinux-utils/oldstable,oldstable 2.3-2 amd64

Teste 2

Concluindo as etapas aqui para instalar policycoreutils-python . Código, mas dependências com falha

masi@masi:/etc/ssh$ sudo apt install policycoreutils-python-utils
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 policycoreutils-python-utils : Depends: policycoreutils (= 2.6-3) but it is not going to be installed
                                Depends: python3-audit but it is not going to be installed
                                Depends: python3-selinux (>= 2.6) but it is not going to be installed
                                Depends: python3-semanage (>= 2.6) but it is not going to be installed
                                Depends: python3-sepolgen (>= 2.6) but it is not going to be installed
                                Depends: python3-sepolicy (= 2.6-3) but it is not going to be installed
                                Depends: libselinux1 (>= 2.6) but 2.3-2 is to be installed
                                Depends: libsepol1 (>= 2.6) but 2.3-2 is to be installed
E: Unable to correct problems, you have held broken packages.

OS: Debian 8.7

    
por Léo Léopold Hertz 준영 20.06.2017 / 00:54

1 resposta

3

O Selinux não é totalmente suportado no jessie debian

O manual do debian

CAUTION Reference policy not in jessie

Unfortunately the maintainers of the refpolicy source package did not handle release critical bugs on their package and the package got removed from jessie. This means that the selinux-policy-* packages are currently not installable in jessie and need to be fetched from another place. Hopefully they will come back in one of the point releases or in jessie-backports. In the meantime, you can grab them from unstable.

This sad situation at least proves that SELinux is not very popular in the set of users/developers who are running the development versions of Debian. Thus, if you opt to use SELinux, you should expect the default policy to not work perfectly and you will have to invest quite some time to make it suitable to your specific needs.

O pacote selinux-policy-default está disponível apenas para o debian Wheezy, Stretch, Buster e Sid .

    
por 20.06.2017 / 15:31