Package versions symbolizing release dates in this case indicate selinux got no recent love and might be broken for Debian unstable.
Thank you for replying, Ralul. Unfortunately, your answer is what I feared most, that Selinux may be broken for Debian Unstable. And I'm not sure if it's any less broken on Stable or Testing - I may give it a try in another partition to find out.
Are you aware some Desktop applications don't work with selinux? (chromiums sandboxing)
I was aware that some apps might choke on Selinux, though I didn't know that Chromium specifically had a problem. I would assume that on Fedora (where Selinux is installed by default), the developers would have to adjust their policy to deal with that - else, no Chromium on Fedora. I haven't run Fedora in several years, so I have no idea how well it plays with popular desktop apps (like Chromium).
As you can see, it is not easy to implement the most perfect security scheme. There had to be US military institutions funding to develop this. There are more easy approaches: Apparmor, Tomoyo, Smack
I have heard that Selinux is not pleasant to configure, though it's supposed to be very good at swatting intrusions once it has been set up. I would be willing to try other alternatives (ie Apparmor) if I was sure they wouldn't cause Siduction to crash and burn (as Selinux did). Have you got any personal experience on Debian with any of the MACs that you suggested?
Keep in mind: The most perfect solution does nothing but good feeling if implemented and configured wrongly.
I couldn't agree more. I'm hoping that someone will put together a Selinux package for Debian Unstable that will "just work". That is to say, properly configured by the developers (I'm not capable of configuring Selinux myself).
By the way: What intrusion vectors and risks do you want to fight against?
Now that's an interesting question. Lately there have been a number of exploits that have hit Linux servers hard. You've probably heard about Linux/Cdorked.A, a very sophisticated exploit that isn't fully understood yet by security experts:
http://www.ananova.com/watch-out-for-sneaky-linuxcdorked-a/I don't know if Selinux would block Linux/Cdorked.A, but it seems possible. Certainly seems better than just doing nothing besides hoping you're safe.
Thank you again for your message.
cheers,
Paraquat