2 Apr
2014
2 Apr
'14
10:50 p.m.
The audit support required by these can't be compiled in without it being enabled. It's useless crap for anyone who isn't working for a bureaucracy and it spams the logs. It is also completely broken with namespaces, so it doesn't work at all with containers or application sandboxes. If and when this stuff can be built as *modules* with no impact on people not making use of it and someone is willing to maintain the userspace support in the official repositories, then enabling it may make sense. Until then, you can use any sane LSM module without recompiling the kernel by building just the module you plan on using and loading it.