[arch-general] SELinux packages status update

Timothée Ravier siosm99 at gmail.com
Sun Nov 3 15:32:49 EST 2013


I've updated all the SELinux related packages in the AUR. I've changed
most packages names to better fit with upstream names and AUR naming
policy (selinux-pam -> pam-selinux; selinux-usr-libselinux ->
libselinux). I'll keep the old ones a week or two, just in case, then
I'll ask for deletion.

I've only tested those packages in SELinux _disabled_ mode as currently
there aren't any usable policy. I'll be working on this from now on.

Status of core packages that requires patches or rebuild:

* linux:      rebuild. bug opened in the Arch bugtracker;
* coreutils:  rebuild (links with libselinux);
* cronie:     rebuild '--with-selinux' flag;
* findutils:  need SELinux patch, can be upstreamed, but is upstream
              still alive ?
* openssh:    rebuild '--with-selinux' flag;
* pambase:    configuration changes to add pam_selinux.so;
* pam:        rebuild '--enable-selinux' flag for Linux-PAM, patch for
              pam_unix2, which only removes a function already
              implemented in a library elsewhere. Is there an
              upstream here? I couldn't find one;
* psmisc:     small patch, already upstream. Will be in version 22.21;
* shadow:     rebuild '-lselinux' and '--with-selinux' flags;
* sudo:       rebuild '--with-selinux' flag;
* systemd:    rebuild '--enable-selinux' flag;
* util-linux: rebuild '--with-selinux' flag;


1 rebuild as-is,
8 rebuild with additional flags/config,
3 rebuild with patches required (with one already upstream and two
potentially dead upstream).

I think this looks good!

Suggestions for packages are welcomed as AUR comments or issues on
GitHub: https://github.com/Siosm/siosm-selinux

A repository with signed packages for x86-64 only is available at
http://repo.siosm.fr/siosm-selinux/ (See
https://tim.siosm.fr/repositories/ if you need instructions or GPG
public key).

I'll also update the Arch Wiki SELinux page soon.

I'll setup an other repository for the SELinux policy as soon as I have
something which can boot in enforcing mode.



More information about the arch-general mailing list