On Sat, Apr 19, 2014 at 11:47 PM, Daniel Micay <danielmicay@gmail.com> wrote:
On 19/04/14 05:25 PM, Tom Gundersen wrote:
On Sat, Apr 19, 2014 at 9:59 PM, Daniel Micay <danielmicay@gmail.com> wrote:
Users have been asking for MAC to be provided in the repositories for a long time. At the moment, two bugs are open about it:
https://bugs.archlinux.org/task/37578 https://bugs.archlinux.org/task/39852
Any of these reported bugs could simply be closed with the response that the grsecurity RBAC is provided in the repositories and there's no one interested in maintaining another. I think that's a response most people would be satisfied with, but users aren't going to be very happy with an a WONTFIX simply saying Arch has no official support for any of this.
I would see this the other way around (which is one of the reasons I don't think adding forks of the kernel is such a great idea). It would be very nice if we could manage to support some more security features in the main kernel, but asking people to use an alternative kernel if they want security features seems wrong. Especially if it is used as an excuse not to get things that are already upstream working with the main kernel we provide.
These features aren't in the regular kernel though.
I was referring to SELinux and TOMOYO. Cheers, Tom