Hello!
According to official SLES 12 documentation selinux software bits are there, but policy is not. Does that mean Suse does not fully support Selinux? Are the customers on their own (read: self support)?
Anyone actually trying to live and run selinux on sles 12?
I found policy on http://software.opensuse.org/package/selinux-policy-targeted, but I wonder how tested it is. Basically I would like to use it to protect various web projects - mostly with apache and some php.
TomaÂ
tomazsoft,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your issue been resolved? If not, you might try one of the following options:
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.suse.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your SUSE Forums Team
http://forums.suse.com
<<The SELinux framework is supported on SUSE Linux Enterprise Server. This means that SLES offers all binaries and libraries you need to be able to use SELinux on your server. However, a policy is not included and you will also miss some software that you might be familiar with from other Linux distributions.>> Source:
https://www.suse.com/documentation/sles-12/book_security/data/sec_selinux_why.html
[QUOTE=tomazsoft;27078]Hello!
According to official SLES 12 documentation selinux software bits are there, but policy is not. Does that mean Suse does not fully support Selinux? Are the customers on their own (read: self support)?
Anyone actually trying to live and run selinux on sles 12?
I found policy on http://software.opensuse.org/package/selinux-policy-targeted, but I wonder how tested it is. Basically I would like to use it to protect various web projects - mostly with apache and some php.
TomaÂ[/QUOTE]
https://www.suse.com/documentation/sles-12/book_security/data/cha_security.html
it’s supported. almost any time you will have to compile the policy yourself.
Most people stay away from selinux dus to the [problems when debugging, restoring etc. If security is an issue, most of the time you can get away with apparmor.
But again – a good policy is one you make yourself. There is no general recipe.