SELinux (for IPFire 3.x)

From wikipedia:
Security-Enhanced Linux (SELinux) is a Linux feature that provides a mechanism for supporting access control security policies, including United States Department of Defense-style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of Kernel modifications and user-space tools that can be added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy itself and streamlines the volume of software charged with security policy enforcement. The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency.

It has been integrated into the mainline Linux kernel since version 2.6.

Git Repository

The selinux policy for IPFire 3.x is stored in its own git repositry:


The initial commit was an import of the Fedora policy, because it's the biggest major distribution which developes and uses SELinux. From time to time we will merge important upstream fixes from Fedora.

Modules to remove

This selinux modules can be removed, because this programms probably never will run on IPFire.


  • amtu
  • anaconda
  • apt
  • backup
  • dpkg
  • firstboot
  • kudzu
  • mcelog
  • ncftool
  • portage
  • rpm
  • sectool
  • shorewall
  • smoltclient
  • updfstab


  • ada
  • chrome
  • evolution
  • firewallgui
  • games
  • gift
  • gitosis
  • gnome
  • kde
  • kdumpgui
  • livecd
  • mono
  • mozilla
  • nsplugin
  • podsleuth
  • sambagui
  • telepathy
  • thumb
  • thunderbid
  • tvtime
  • usernetctl
  • wine
  • wm
  • yam


  • gnomeclock

FIXME - Feel free to add additional modules, if we can remove them

Edit Page ‐ Yes, you can edit!

Older Revisions • November 23, 2020 at 3:39 am • Jon