Debian is participating in the Google Summer of Code again.

Russell Coker offers to mentor SELinux projects, and so do I. I’m available for mentoring SELinux and Debtags related projects in particular.

This year’s idea pool is in the Debian Wiki. Make sure to also check last year’s idea pool (some of those ideas will no longer be open, though). And of course your idea doesn’t need to be on these pages already; we’re interested in anything that goes beyond that.

One SELinux topic I’m particularly interested in is install scripts. That is quite a lot of work, and you might want to automate some of it.

Debian install scripts can be quite complex. Some things are obvious such as restarting services on upgrade. But some scripts do much more.

SELinux uses a deny-by-default approach (which is the only sane security approach, btw.); in particular this means that many Debian install scripts will fail.

Right now, package postinst scripts are being run with the full permissions of the apt-get domain. It would be good to reduce that to a “postinst” domain. A possible GSoC project would be to analyze which permissions package postinst scripts need, and whether we can, e.g., add a “postinst extended” domain for just the few postinst scripts that really need extended permissions.
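One way to start that analysis, as an added example that is not part of the original post: group AVC denials logged for a confined postinst domain by permission, then separate what several scripts need from what only one script needs. The type name `postinst_t`, the packages foo/bar/baz, the log lines and the "needed by at least two scripts" threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed audit lines for illustration; packages, pids and inodes are made up.
SAMPLE_LOG = """\
type=AVC msg=audit(1205000000.101:41): avc:  denied  { read write } for  pid=901 comm="foo.postinst" name="menu.db" dev=sda1 ino=11 scontext=system_u:system_r:postinst_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1205000000.202:42): avc:  denied  { write } for  pid=902 comm="bar.postinst" name="alt.db" dev=sda1 ino=12 scontext=system_u:system_r:postinst_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1205000000.303:43): avc:  denied  { write } for  pid=903 comm="baz.postinst" name="baz.conf" dev=sda1 ino=13 scontext=system_u:system_r:postinst_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1205000000.404:44): avc:  denied  { getattr } for  pid=904 comm="apt-get" name="lock" dev=sda1 ino=14 scontext=system_u:system_r:apt_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1205000000.404:44): arch=40000003 syscall=195 success=no exit=-13
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def denials_by_permission(log, domain):
    """Map (target type, class, permission) -> scripts denied it while in `domain`."""
    needed = defaultdict(set)
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if not m or context_type(m["scon"]) != domain:
            continue  # not an AVC denial, or raised by a different source domain
        for perm in m["perms"].split():
            needed[(context_type(m["tcon"]), m["tclass"], perm)].add(m["comm"])
    return needed

def split_domains(needed, min_scripts=2):
    """Assumed heuristic: widely needed permissions are candidates for the base
    postinst domain; the rest are candidates for an extended domain, per script."""
    common, extended = set(), {}
    for key, scripts in needed.items():
        if len(scripts) >= min_scripts:
            common.add(key)
        else:
            extended[key] = sorted(scripts)
    return common, extended

if __name__ == "__main__":
    common, extended = split_domains(denials_by_permission(SAMPLE_LOG, "postinst_t"))
    print("base domain candidates:", sorted(common))
    print("extended domain candidates:", extended)
```

The split only produces candidates for review: a permission that many scripts request is not automatically one the base domain should be granted.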

An example of an extended postinst task in Debian (I don’t think Red Hat, Fedora or Gentoo do that yet): precompiling all Python modules for all installed Python versions (to avoid having programs try to precompile them on demand, which will result in audit errors and such). I wrote a module for that called python-support. It adds a restricted domain which can do exactly this task of precompiling Python. But there is other such stuff, such as updating the menus, managing alternatives etc.

But feel free to suggest your own ideas.