[arch-general] Revisit official SELinux support
karol at babioch.de
Mon Oct 28 19:39:46 EDT 2013
I'm wondering whether there was ever an actual discussion regarding the
SELinux support within Arch. I could only find a bug report from
September 2012 (see ), which was closed by Dave Reisner with kind of
a lame comment: "A million times no.".
After having dealt with SELinux on a couple of occasions I think that it
is real security enhancement worth the initial hassle of setting it up
properly (at least in a server environment).
Looking into the support for SELinux in Arch I think it is way too messy
to be actually used in practice (see ).
I wouldn't go so far to suggest to enable SELinux by default as proposed
in the bug report mentioned above, but I think it would actually make
sense to support it - more or less - officially. I'm thinking about a
model similar to the one implemented by Debian (see ). It basically
comes down to installing some default policies and enabling SELinux by
running a script.
This would, however, require at least the stock kernel to have support
for SELinux built-in by default. Are there any technical reasons for
this not being the case already?
I don't want this to become a discussion about the pros and cons of
SELinux (on a desktop system) in general. I'm just wondering whether it
would be feasible to implement "official" support for SELinux within
Arch. So, if possible, please keep it technical.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: OpenPGP digital signature
More information about the arch-general