On Thu, Apr 7, 2011 at 6:46 AM, Thomas S Hatch <thatch45@gmail.com> wrote:
On Wed, Apr 6, 2011 at 4:32 PM, Heiko Baums <lists@baums-on-web.de> wrote:
Am Wed, 6 Apr 2011 16:25:42 -0600 schrieb Thomas S Hatch <thatch45@gmail.com>:
As for adding SELinux support in base but keeping it turned off by default, +1
Then you mean adding it to [core]. (base) is supposed to be installed on every system. And SELinux is definitely not necessary for a minimal base Linux installation.
Heiko
SELinux is a compile flag in the kernel and base utils, it is not required for a minimal system, but just adding the compile flags is a minor change and makes setting up more secure systems a possibility.
I think that the only reason it is omitted is because most people are horrified by it, but if it is disabled by default then it is off and no one need know that support is compiled in.
I would just like to chime in and point out that if we want to allow selinux, then we would need someone committed to supporting it. I have never used it myself, but from what I hear it would need to be supported by things like initscripts to be used properly. If such support can be added elegantly and securely then I am not opposed to it. Cheers, Tom