[arch-general] Experiences with SELinux on Arch
Hi,

since I won't get an answer on the forum except "Read the Wiki", which isn't helpful, I ask here. Is there anybody here with real-world experience with SELinux on Arch? The forum states the userland tools as "work in progress", which doesn't say anything about the progress… I'd like to know how easy SELinux is to use on Arch. I am just starting out to (re-)enable it on my CentOS servers, and there it is actually not that hard after all nowadays because of the great tools available. But how about Arch?

Niels

On Fri, Jan 22, 2016 at 4:59 AM, Niels Kobschaetzki <niels@kobschaetzki.net> wrote:
> since I won't get an answer on the forum except "Read the Wiki", which isn't helpful, I ask here. Is there anybody here with real-world experience with SELinux on Arch? The forum states the userland tools as "work in progress", which doesn't say anything about the progress… I'd like to know how easy SELinux is to use on Arch. I am just starting out to (re-)enable it on my CentOS servers, and there it is actually not that hard after all nowadays because of the great tools available. But how about Arch?

Have you read the wiki? Besides the actual content, the fact that there is a page (and the activity level of the page) should answer your question pretty quickly.

On 16/01/22 10:14, Oon-Ee Ng wrote:
> On Fri, Jan 22, 2016 at 4:59 AM, Niels Kobschaetzki <niels@kobschaetzki.net> wrote:
> > since I won't get an answer on the forum except "Read the Wiki", which isn't helpful, I ask here. Is there anybody here with real-world experience with SELinux on Arch? The forum states the userland tools as "work in progress", which doesn't say anything about the progress… I'd like to know how easy SELinux is to use on Arch. I am just starting out to (re-)enable it on my CentOS servers, and there it is actually not that hard after all nowadays because of the great tools available. But how about Arch?
> Have you read the wiki? Besides the actual content, the fact that there is a page (and the activity level of the page) should answer your question pretty quickly.

Have you read my e-mail? Have you experiences with SELinux?

Yes, of course I read the wiki and googled around for a couple of hours before I ask questions.

Niels

On 01/22/16 at 05:26am, Niels Kobschaetzki wrote:
> On 16/01/22 10:14, Oon-Ee Ng wrote:
> > On Fri, Jan 22, 2016 at 4:59 AM, Niels Kobschaetzki <niels@kobschaetzki.net> wrote:
> > > since I won't get an answer on the forum except "Read the Wiki", which isn't helpful, I ask here. Is there anybody here with real-world experience with SELinux on Arch? The forum states the userland tools as "work in progress", which doesn't say anything about the progress… I'd like to know how easy SELinux is to use on Arch. I am just starting out to (re-)enable it on my CentOS servers, and there it is actually not that hard after all nowadays because of the great tools available. But how about Arch?
> > Have you read the wiki? Besides the actual content, the fact that there is a page (and the activity level of the page) should answer your question pretty quickly.
> Have you read my e-mail? Have you experiences with SELinux?

Simple answer is, our kernel does not support SELinux and won't in the future. [1] So you are basically on your own, build the kernel, core and tools from AUR. You might want to look at Grsecurity though, since more people use it with Arch and it has a package in [community]. [2]

[1] https://bugs.archlinux.org/task/31448
[2] https://wiki.archlinux.org/index.php/Grsecurity

> Yes, of course I read the wiki and googled around for a couple of hours before I ask questions.
> Niels

-- Jelle van der Waa

Hi Niels,

> since I won't get an answer on the forum except "Read the Wiki", which isn't helpful, I ask here. Is there anybody here with real-world experience with SELinux on Arch? The forum states the userland tools as "work in progress", which doesn't say anything about the progress… I'd like to know how easy SELinux is to use on Arch. I am just starting out to (re-)enable it on my CentOS servers, and there it is actually not that hard after all nowadays because of the great tools available. But how about Arch?

You might want to look at this project:

https://github.com/archlinuxhardened/selinux
https://github.com/archlinuxhardened/selinux-policy-arch

I know Nicolas is working on making it as easy as possible to use SELinux on Arch, and he is doing a great job.

Hello,

I too was trying SELinux but gave up; it was more trouble than it was worth. You may want to try AppArmor, it's what I put my efforts into afterwards and is easier to manage and understand. It requires compiling the kernel as well, but no patches to anything else. You can easily create profiles yourself (much easier than SELinux policies), completely sandboxing any process you want.

Hope this helps,
João Miguel
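
Added example, not part of the thread and not code from Arch or any of the posters: the replies above turn on whether a given kernel was built with SELinux or AppArmor, and this script reads a kernel config and reports exactly that. The two sample configs are constructed for illustration, and the function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): summarise LSM support in a kernel config.

# opt_enabled CONFIG_TEXT OPTION: "yes" if CONFIG_<OPTION>=y is set, else "no".
opt_enabled() {
    if printf '%s\n' "$1" | grep -qx "CONFIG_$2=y"; then echo yes; else echo no; fi
}

# lsm_report: read a kernel config on stdin, print one summary line.
lsm_report() {
    local cfg lsm
    cfg=$(cat)
    # CONFIG_LSM (kernel 5.1 and later) holds the LSM initialisation order;
    # older kernels name one default module in CONFIG_DEFAULT_SECURITY.
    lsm=$(printf '%s\n' "$cfg" | sed -n 's/^CONFIG_LSM="\(.*\)"$/\1/p')
    [ -n "$lsm" ] || lsm=$(printf '%s\n' "$cfg" |
        sed -n 's/^CONFIG_DEFAULT_SECURITY="\(.*\)"$/\1/p')
    printf 'selinux=%s apparmor=%s lsm=%s\n' \
        "$(opt_enabled "$cfg" SECURITY_SELINUX)" \
        "$(opt_enabled "$cfg" SECURITY_APPARMOR)" \
        "${lsm:-none}"
}

# Constructed sample: a kernel built without SELinux or AppArmor.
sample_without_lsm() {
    cat <<'EOF'
CONFIG_SECURITY=y
# CONFIG_SECURITY_SELINUX is not set
# CONFIG_SECURITY_APPARMOR is not set
CONFIG_DEFAULT_SECURITY=""
EOF
}

# Constructed sample: a self-built kernel with SELinux as the default LSM.
sample_with_selinux() {
    cat <<'EOF'
CONFIG_SECURITY=y
CONFIG_SECURITY_SELINUX=y
# CONFIG_SECURITY_APPARMOR is not set
CONFIG_DEFAULT_SECURITY="selinux"
EOF
}

sample_without_lsm  | lsm_report   # selinux=no apparmor=no lsm=none
sample_with_selinux | lsm_report   # selinux=yes apparmor=no lsm=selinux
```

On a running system, `zcat /proc/config.gz | lsm_report` does the same for the live kernel when it was built with CONFIG_IKCONFIG_PROC; a module that is built in can still be inactive at boot, so compare the result with `/sys/kernel/security/lsm`.
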

participants (5): Jelle van der Waa, João Miguel, Niels Kobschaetzki, Oon-Ee Ng, Remi Gacogne