How do I set up the latest stable SELinux policy in Debian 8.7?

I am following step 12 of the guide here, but I do not find any recent and stable policies; only "old" ones and unstable ones exist. Code and output

masi@masi:~$ apt search SELinux | grep selinux

WARNING: apt does not have a stable CLI interface yet. Use with caution in scripts.

android-libselinux/unstable 7.0.0+r1-2 amd64
android-libselinux-dev/unstable 7.0.0+r1-2 amd64
libselinux1/oldstable,oldstable,now 2.3-2 amd64 [installed]
libselinux1-dev/oldstable,oldstable 2.3-2 amd64
python-selinux/oldstable,oldstable 2.3-2 amd64
python3-selinux/unstable 2.6-3+b1 amd64
ruby-selinux/oldstable,oldstable 2.3-2 amd64
selinux-basics/oldstable,oldstable 0.5.2 all
selinux-policy-default/unstable 2:2.20161023.1-9 all
selinux-policy-dev/unstable 2:2.20161023.1-9 all
selinux-policy-doc/unstable 2:2.20161023.1-9 all
selinux-policy-mls/unstable 2:2.20161023.1-9 all
selinux-policy-src/unstable 2:2.20161023.1-9 all
selinux-utils/oldstable,oldstable 2.3-2 amd64

Test 2

Doing the step here to install policycoreutils-python. Code, but with failed dependencies

masi@masi:/etc/ssh$ sudo apt install policycoreutils-python-utils
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 policycoreutils-python-utils : Depends: policycoreutils (= 2.6-3) but it is not going to be installed
                                Depends: python3-audit but it is not going to be installed
                                Depends: python3-selinux (>= 2.6) but it is not going to be installed
                                Depends: python3-semanage (>= 2.6) but it is not going to be installed
                                Depends: python3-sepolgen (>= 2.6) but it is not going to be installed
                                Depends: python3-sepolicy (= 2.6-3) but it is not going to be installed
                                Depends: libselinux1 (>= 2.6) but 2.3-2 is to be installed
                                Depends: libsepol1 (>= 2.6) but 2.3-2 is to be installed
E: Unable to correct problems, you have held broken packages.

OS: Debian 8.7

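Answer 1

Debian jessie does not fully support SELinux

Debian Handbook

Warning: the reference policy is not in jessie

Unfortunately, the maintainers of the refpolicy source package did not handle the release-critical bugs on their package, and the package was removed from jessie. This means that the selinux-policy-* packages are currently not installable in jessie and need to be fetched from elsewhere. Hopefully they will come back in a point release or in jessie-backports. In the meantime, you can grab them from unstable.

This sad situation at least proves that SELinux is not very popular among the users/developers who run the development version of Debian. Thus, if you choose to use SELinux, you should expect that the default policy will not work perfectly and that you will have to invest quite some time to make it suitable for your specific needs.

The selinux-policy-default package is only available for Debian Wheezy, Stretch, Buster and Sid.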
