Comment 3 for bug 12080

Lorenzo Hernández García-Hierro (a.k.a. trulux) (lorenzo-debian-hardened) wrote :

(In reply to comment #2)
> (In reply to comment #0)
> > As one of the Hoary goals, the deployment of Security-Enhanced Linux needs both
> > userland and kernel space modifications. Userland modifications don't have
> > negative impact in the performance, and SELinux can be enabled and disabled in
> > runtime and boot time.
>
> Note: SELinux, as documented on the HoaryGoals page in the wiki, was determined
> to be too disruptive to enable for the Hoary release, and the work should rather
> be done in a derivative distribution before being integrated.

SELinux wouldn't be enabled by default in Hoary AFAIK as kernels will come with
selinux=0.

> > The current PAM version for both Sid and Hoary is 0.76, which lacks the latest bug
> > fixes and extra features.
> > Of course it also lacks SELinux support.
> >
> > I've made available upgraded packages for Hoary, bringing an updated PAM
> > (0.77) with SELinux support, based on Russell Coker's packages, who was the man
> > working on SELinux deployment in Debian and did much work on it.
>
> Neither PAM 0.76 nor PAM 0.77 support SELinux without additional patches. Are
> the patches incompatible with PAM 0.76?

Latest patches come from Fedora's CVS, as userland patches wouldn't be hosted
anymore on the NSA website AFAIK.
Latest are for 0.78, as you can see at
http://cvs.fedora.redhat.com/viewcvs/devel/pam/pam-0.78-selinux.patch?rev=1.1&view=auto.

> Do the changes from PAM 0.76 to PAM
> 0.77 justify an exception to the release guidelines documented in the wiki?

Maybe if we want to achieve the goal of having Hoary at least prepared for
future SELinux deployment in a reasonable time manner.

But at least, that's Ubuntu's developers decision, as I seem not a visible vocal
user base, even not a candidate for being to, that's also not my decision, I'm
just trying to help.

Cheers,
Lorenzo.