I’m giving up on backporting SELinux to sarge. Too many changes are needed in too many apps to make them really compatible with SELinux. Nothing serious, but just lots and lots of small things.

For example, the amavisd-new package will need a cronjob modification. This has already been resolved (somewhat) for unstable, but it means I would need to provide a modified amavisd-new package or a backport.

I hope that when etch gets released at the end of the year (and I actually believe this will happen), many issues will already be resolved. But that depends, of course, on many people using SELinux in different settings.

My most annoying issue with SELinux on Debian: cron bug #333837, open for some 300 days now.

The Debian cron package will back up, e.g., /etc/shadow, which actually sounds like quite an inappropriate place for this task. And of course it’s all in one file named /etc/cron.d/standard, instead of e.g. /etc/cron.d/backup-key-system-files or so, which I could then label backup_exec_t or something else to assign the special privilege of reading shadow files…

It’s bugs like these, unhandled for 300 days, together with having the impression of being the only one trying to get SELinux running and receiving basically no support from the SELinux upstream “community” (which is almost exclusively “enterprise”, it seems). It’s pretty much like everybody wants you to not use SELinux. Or in my case, to not enable people to use SELinux on Debian, since I’m not just “joe average user”, but actually trying to add SELinux support to the Debian distribution (which would help Ubuntu to get SELinux, too; the Ubuntu people seem to have given up on SELinux already).