PDA

View Full Version : sles 12 and selinux



tomazsoft
20-Mar-2015, 10:37
Hello!

According to official SLES 12 documentation selinux software bits are there, but policy is not. Does that mean Suse does not fully support Selinux? Are the customers on their own (read: self support)?

Anyone actually trying to live and run selinux on sles 12?

I found policy on http://software.opensuse.org/package/selinux-policy-targeted, but I wonder how tested it is. Basically I would like to use it to protect various web projects - mostly with apache and some php.

Tomaž

Automatic reply
25-Mar-2015, 05:30
tomazsoft,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your issue been resolved? If not, you might try one of the following options:

- Visit http://www.suse.com/support and search the knowledgebase and/or check all
the other support options available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.suse.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.suse.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your SUSE Forums Team
http://forums.suse.com

AndreasMeyer
13-Sep-2015, 13:15
<<The SELinux framework is supported on SUSE Linux Enterprise Server. This means that SLES offers all binaries and libraries you need to be able to use SELinux on your server. However, a policy is not included and you will also miss some software that you might be familiar with from other Linux distributions.>> Source:

https://www.suse.com/documentation/sles-12/book_security/data/sec_selinux_why.html

roelandjansen
27-Nov-2015, 15:03
Hello!

According to official SLES 12 documentation selinux software bits are there, but policy is not. Does that mean Suse does not fully support Selinux? Are the customers on their own (read: self support)?

Anyone actually trying to live and run selinux on sles 12?

I found policy on http://software.opensuse.org/package/selinux-policy-targeted, but I wonder how tested it is. Basically I would like to use it to protect various web projects - mostly with apache and some php.

Tomaž


https://www.suse.com/documentation/sles-12/book_security/data/cha_security.html

it's supported. almost any time you will have to compile the policy yourself.

Most people stay away from selinux dus to the [problems when debugging, restoring etc. If security is an issue, most of the time you can get away with apparmor.
But again -- a good policy is one you make yourself. There is no general recipe.