[arch-general] [arch-dev-public] Trimming down our default kernel configuration
thomas at archlinux.org
Thu Mar 27 18:49:45 EDT 2014
Am 27.03.2014 20:33, schrieb Nicolas Iooss:
> TL;DR: this is a technical answer which can be seen as slightly
> off-topic as it focus only on SELinux and not much about kernel config
Very interesting, thanks for looking into it deeper. I'll leave most of
> This does sound weird. Could you please give me some references to
> this so that I can understand better? I only know that SELinux uses
> the audit subsystem to report denials and that the audit subsystem can
> be disabled at boot time using "audit=0" kernel command line parameter
> (and also I've read
Okay, you are right, it wasn't AppArmor, it was SELinux. According to
Kconfig, SELinux depends on Audit.
And here is my problem: Audit is enabled by default and must be
explicitly disabled by the admin. This is a showstopper for me! There is
no kernel option to configure audit to be disabled by default (as far as
I am aware) so that it can be enabled with 'audit=1' on the command line.
As long as SELinux needs audit and audit is enabled by default, SELinux
will not make it to the 3.14+ versions of our linux package.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 901 bytes
Desc: OpenPGP digital signature
More information about the arch-general