On Fri, Apr 8, 2011 at 10:36 AM, Yaro Kasear <yaro@marupa.net> wrote:
On Friday, April 08, 2011 05:43:51 Kaiting Chen wrote:
On Fri, Apr 8, 2011 at 3:44 AM, Jelle van der Waa <jelle@vdwaa.nl> wrote:
And on a side note, I don't like archlinux forcing users to use SELinux because users should have a choice to use any MAC software they want. That's why AppArmor /Tomoyo are nicer solutions cause they don't require recompiling of packages -> increasing bugs/problems.
If we compile our packages with SELinux support, does that force users to use SELinux? I was under the impression that these changes would be completely benign on non-SELinux enabled systems. --Kaiting.
No, SELinux-patched tools do not force one to use SELinux. But they can potentially have plenty of bugs introduced by the patches. And there's the fact that SELinux is not necessary and there's not point in putting it in the default Arch install just for the minority who'll actually use it. At most, it should be in [core]. At the very least, [community]. I definitely see no good reason to make it part of the base install, though.
Yaro makes many good points, I think that my recommendation would be to allow someone to maintain support for SELinux in community. If SELinux support is deemed something that would be a good idea to move to core in the future than do so, otherwise leave it in community.