On Fri, Mar 28, 2014 at 11:54 AM, Arthur Țițeică <arthur@psw.ro> wrote:
Hi,
On Thursday 27 March 2014, at 23:49:45, Thomas Bächler wrote:
And here is my problem: Audit is enabled by default and must be explicitly disabled by the admin. This is a showstopper for me! There is no kernel option to configure audit to be disabled by default (as far as I am aware) so that it can be enabled with 'audit=1' on the command line.
I couldn't find a definitive answer but the two documents I did find ¹² suggest that having selinux and audit fully functional (not just enabled) has no real performance impact.
Kernel debugging options on the other side seem to have a much bigger impact.
It raises a question mark that the two most important components of a system (systemd and the kernel) have security measures disabled.
People in this thread like to put out the over subjective "lightweight" factor but still there are no bug reports or any other solid evidence that the kernel ate their computers since apparmor, selinux and audit were semi-silently enabled a few builds back.
Exactly my thoughts about this thread. http://i.imgur.com/nfFuu.jpg
I'm very much for cleaning up the kernel config from things that factually are useless.
Thanks for reading up everyone and keep trying to not step on each other's toes.
cheers!
mar77i