[arch-general] Revisit official SELinux support
jacksilver045 at gmail.com
Fri Nov 1 07:55:24 EDT 2013
On Mon, Oct 28, 2013 at 7:39 PM, Karol Babioch <karol at babioch.de> wrote:
> I'm wondering whether there was ever an actual discussion regarding the
> SELinux support within Arch. I could only find a bug report from
> September 2012 (see ), which was closed by Dave Reisner with kind of
> a lame comment: "A million times no.".
> After having dealt with SELinux on a couple of occasions I think that it
> is real security enhancement worth the initial hassle of setting it up
> properly (at least in a server environment).
> Looking into the support for SELinux in Arch I think it is way too messy
> to be actually used in practice (see ).
> I wouldn't go so far to suggest to enable SELinux by default as proposed
> in the bug report mentioned above, but I think it would actually make
> sense to support it - more or less - officially. I'm thinking about a
> model similar to the one implemented by Debian (see ). It basically
> comes down to installing some default policies and enabling SELinux by
> running a script.
> This would, however, require at least the stock kernel to have support
> for SELinux built-in by default. Are there any technical reasons for
> this not being the case already?
> I don't want this to become a discussion about the pros and cons of
> SELinux (on a desktop system) in general. I'm just wondering whether it
> would be feasible to implement "official" support for SELinux within
> Arch. So, if possible, please keep it technical.
> Best regards,
> Karol Babioch
> : https://bugs.archlinux.org/task/31448
> : https://wiki.archlinux.org/index.php/SELinux
> : https://wiki.debian.org/SELinux/Setup
I sended request for the reopening of my bug report.
More information about the arch-general