Le lundi 13 février 2017 16:26:46 CET Tobias Markus a écrit :
Enabling the audit/SELinux config option in itself is not really a maintenance burden.
Userspace tools, SE policies... the 'users interested in trying out SELinux' won't do that.
but wouldn't you agree that the Wiki page asking you to compile your own kernel first somewhat hinders users interested in trying out SELinux?
A huge interest will lead them to build from scratch.
I don't think that the theoretical next step in Arch Linux SELinux support, i.e. userspace tools in [community]/[extra], could ever be
done if the actual kernel does not support SELinux.
The theoretical next step is not a natural move. Arch users do not have military grade security needs. Even sensitive industries like power plants, or less sensitive businesses like the post office, won't use a bleeding edge distro like Arch.