[arch-dev-public] providing grsecurity in [community]
Tom Gundersen
teg at jklm.no
Sat Apr 19 18:18:03 EDT 2014
On Sat, Apr 19, 2014 at 11:47 PM, Daniel Micay <danielmicay at gmail.com> wrote:
> On 19/04/14 05:25 PM, Tom Gundersen wrote:
>> On Sat, Apr 19, 2014 at 9:59 PM, Daniel Micay <danielmicay at gmail.com> wrote:
>>> Users have been asking for MAC to be provided in the repositories for a
>>> long time. At the moment, two bugs are open about it:
>>>
>>> https://bugs.archlinux.org/task/37578
>>> https://bugs.archlinux.org/task/39852
>>>
>>> Any of these reported bugs could simply be closed with the response that
>>> the grsecurity RBAC is provided in the repositories and there's no one
>>> interested in maintaining another. I think that's a response most people
>>> would be satisfied with, but users aren't going to be very happy with an
>>> a WONTFIX simply saying Arch has no official support for any of this.
>>
>> I would see this the other way around (which is one of the reasons I
>> don't think adding forks of the kernel is such a great idea). It would
>> be very nice if we could manage to support some more security features
>> in the main kernel, but asking people to use an alternative kernel if
>> they want security features seems wrong. Especially if it is used as
>> an excuse not to get things that are already upstream working with the
>> main kernel we provide.
>
> These features aren't in the regular kernel though.
I was referring to SELinux and TOMOYO.
Cheers,
Tom
More information about the arch-dev-public
mailing list