On 3/20/2024 8:50 AM, Stephen Smalley wrote:
> On Tue, Mar 19, 2024 at 7:03 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>> It would be very helpful if I could find documentation about, or even a
>> list of, system services that have been enhanced in support of SELinux.
>> I'm doing this as part of the LSM stacking effort, looking for things that
>> may require additional work for the multiple LSM environment. I already
>> know about systemd, dbus and the pam module.
> (re-send in plaintext mode, with some additional info appended at the end)
>
> There is an old list at
> https://github.com/SELinuxProject/selinux/wiki/Userspace-Packages
>
> But the only way to get an accurate up-to-date list is to use your
> favorite package manager and ask it for the list of all packages that
> depend on libselinux. That will be more than just services of course.
> Technically that might not get all of them since some could just be
> directly using the xattr system calls, the /proc/pid/attr interface,
> and/or the /sys/fs/selinux interface without using the libselinux
> wrappers.
>
> Some SELinux-aware services besides the ones you listed above and not
> in the original list on GitHub include nscd (part of glibc), sssd,
> Xorg, PostgreSQL, libvirtd, all the modern cron variants, and various
> container runtimes/daemons. The extent to which they use SELinux APIs
> varies though, from those that are merely getting/setting SELinux
> process or file contexts to full-fledged userspace object managers /
> policy enforcers.
>
> Then there is a completely different list for Android, but not sure
> you care about it.

Thank you, that's been a big help. Turns out Fedora 39 installs 93 packages
with "selinux" in the title. Yoiks!
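
An added example, not part of the original thread: a file-level scan that complements the package-manager query by also flagging files that name the xattr, /proc/pid/attr or /sys/fs/selinux interfaces without referencing libselinux. The function names `selinux_use` and `scan_dirs` are hypothetical, and the string patterns are a heuristic assumption, so expect both false positives and misses.

```shell
#!/bin/sh
# Heuristic classifier (added example): how might a file be using SELinux?
#   libselinux - references the libselinux shared object (linked or dlopen'ed)
#   direct     - no libselinux reference, but names a kernel interface
#   none       - neither kind of string found
selinux_use() {
    f=$1
    # -a: treat binaries as text; LC_ALL=C: match raw bytes, not UTF-8.
    if LC_ALL=C grep -a -q 'libselinux\.so' "$f" 2>/dev/null; then
        echo libselinux
    elif LC_ALL=C grep -a -q -e '/sys/fs/selinux' \
                             -e '/proc/[^/]*/attr' \
                             -e 'security\.selinux' "$f" 2>/dev/null; then
        # /proc/<pid>/attr is shared with other LSMs, so review each hit.
        echo direct
    else
        echo none
    fi
}

# Walk the given directories and report every regular file that is not "none".
scan_dirs() {
    find "$@" -type f 2>/dev/null | while IFS= read -r f; do
        kind=$(selinux_use "$f")
        [ "$kind" = none ] || printf '%s\t%s\n' "$kind" "$f"
    done
}

# Package-manager view first (the command depends on the distribution), e.g.:
#   dnf repoquery --installed --whatrequires libselinux
#   apt-cache rdepends --installed libselinux1
# Then the file-level scan, run only when directories are passed:
#   sh selinux-users.sh /usr/sbin /usr/libexec
if [ "$#" -gt 0 ]; then
    scan_dirs "$@"
fi
```
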