On Sun, Feb 12, 2017 at 6:43 PM, Tobias Markus <tobias@miglix.eu> wrote:
Hi,
As some of you might know, the question of enabling SELinux support in the official Arch Linux kernel package has been brought up a number of times. The main issue that has been pointed out the previous time was that enabling SELinux depends on CONFIG_AUDIT which is considered unnecessary or even harmful for most desktop users since it generates a flood of kernel log messages.
Hi, Do you have more information about this unwanted flood of messages? From my personal experience on systems with SELinux and audit, the application which produces the biggest number of audit events is Chromium, because of misconfigured seccomp rules that report in audit log every call to set_robust_list(). This has been reported two years ago on Chromium bug tracker and the developers seem unwilling to fix it ( https://bugs.chromium.org/p/chromium/issues/detail?id=456535). If there are similar problems which need to be fixed before thinking of enabling audit compilation in Arch Linux kernel, where can I find information on them? Regards, Nicolas