On Thu, May 7, 2020 at 11:03 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > For a long time now I've wanted to expand my selinux/next kernel > testing to platforms beyond Fedora. I believe that it not only helps > catch problems before the kernel is released, but it also helps ensure > that the underlying distro has all of the necessary pieces (userspace, > policy, etc.) in place to support the latest and upcoming kernels. > > Unfortunately every time I've looked at the state of SELinux in Debian > I've run out of time before I got it working well. I'm not even going > to get into the Debian package format :/ > > I would be very happy to see some work go into lowering the bar on > getting SELinux working on Debian. My Debian experience is pretty > limited, but you can sign me up as a very enthusiastic beta-tester, > just point me at some docs and an ISO :) FWIW, with the just-merged series, if you follow the new instructions in the README.md for Debian, you should be able to successfully build and run the testsuite on Debian stable and unstable (also worked for me on Ubuntu 20.04 aside from needing to obtain libbpf from upstream since it isn't packaged for Ubuntu). The default policy still has some issues (e.g. don't try to use GNOME in enforcing mode) but if you can login as an unconfined user and setenforce 1 via text console or ssh login, you should be able to run the testsuite.
