So I have now installable packages and tools for the mysterious, wondrous SERefPolicy. You can grab them at http://selinux.alioth.debian.org/experimental

Note that I havn’t tried using the policy yet. For example, the policy is missing dpkg and apt-get rules. So don’t even think of running it on a production system, there is still lots of stuff to do.

But I just, for the first time, managed to use “semodule”, and actually add and remove modules from the modular policy. Yay!

Now we just need to rewrite tons of policy in an even cryptier language, using even more M4 macro hell… ;-)

Oh, and then we need to fix that Make bug effecting unstable, so we can actually build the new policy… ;-)

We definitely need more people working on SELinux support in Debian.