As some of you might know, the question of enabling SELinux support in the official Arch Linux kernel package has been brought up a number of times. The main issue that has been pointed out the previous time was that enabling SELinux depends on CONFIG_AUDIT which is considered unnecessary or even harmful for most desktop users since it generates a flood of kernel log messages.
Citing Thomas Bächler's previous post (in 2014) on the matter :
And here is my problem: Audit is enabled by default and must be explicitly disabled by the admin. This is a showstopper for me! There is no kernel option to configure audit to be disabled by default (as far as I am aware) so that it can be enabled with 'audit=1' on the command line.
Actually, I think there is a perfectly valid and simple way to disable audit by default: By using the built-in kernel command line. This makes it possible to specify a number of kernel parameters at build time that the kernel prepends to the usual command line it gets from the bootloader. By specifying
in the configuration , the audit subsystem is disabled by default, but users intending to use it can do so by manually setting audit=1 on the bootloader's command line. That in turn would override the audit=0 specified on the built-in command line.
I would be glad if Arch Linux's official kernel could support SELinux again this way!
Thanks for your comments, Tobias
 https://lists.archlinux.org/pipermail/arch-general/2014-March/03567 9.html  For menuconfig, look at the very end under "Processor type and features"