Talk:SELinux/Installation

From Gentoo Wiki

Update

Talk status
This discussion is still ongoing.

Very interesting documentation for starting on it, but I think an update with the new profiles (17.0 stable and/or 17.1 exp) is needed. On new profiles, it seems that /tmp is in the context without editing fstab and with OpenRC. Also, is it possible to add a command to list the actual context, for example to check whether the tmpfs really complies with the rules? Regards. Mustela (talk) 09:31, 7 September 2018 (UTC)

LSM

Talk status
This discussion is done as of 2024-03-08.

In the latest kernels, there is no “Default security module”. Instead one has to use “Ordered list of enabled LSMs”. The documentation should be updated accordingly. Sorry if I cannot do it myself, I am totally new at using SELinux and wouldn’t want to write something wrong. Stéphane, Gentoo in the Alps (talk) 17:04, 9 April 2021 (UTC)

As of 2024-03-08, the mentioned information is already in the article. --Lars Hint (talk) 10:55, 8 March 2024 (UTC)

SELinux related USE flags outdated

Talk status
This discussion is done as of 2024-03-08.

I'm not sure when this changed, but the listed USE flags are wrong for the sec-policy/selinux-base package. ILMostro (talk) 07:41, 24 November 2021 (UTC)

Confirmed. Fixed. --Lars Hint (talk) 11:10, 8 March 2024 (UTC)

PaX/grsecurity recommendation

Talk status
This discussion is still ongoing.

It is seriously recommended to use SELinux together with other hardening improvements (such as PaX / grSecurity).

Is the PaX/grsec recommendation still relevant considering they stopped giving the patches out for free? The hardened-sources kernel used to provide grsec, but that's long gone now and the only way to use it would be to provide the patches yourself. I feel like this recommendation would only confuse users who aren't familiar with the grsec story already. xxc3nsoredxx (talk) 04:15, 18 October 2022 (UTC)

When to reboot?

Talk status
This discussion is done as of 2024-03-08.

Reboot after rebuild is mentioned, but nowhere in there is a mark actually saying "reboot now"? --Damobrisbane (talk) 22:59, 7 March 2023 (UTC)

The reboot is required before relabeling. Now it's mentioned. --Lars Hint (talk) 10:50, 8 March 2024 (UTC)