[arch-general] [arch-dev-public] Trimming down our default kernel configuration
mysatyre at gmail.com
Fri Mar 28 07:01:06 EDT 2014
On Fri, Mar 28, 2014 at 11:54 AM, Arthur Țițeică <arthur at psw.ro> wrote:
> On Thursday 27 March 2014, at 23:49:45, Thomas Bächler wrote:
>> And here is my problem: Audit is enabled by default and must be
>> explicitly disabled by the admin. This is a showstopper for me! There is
>> no kernel option to configure audit to be disabled by default (as far as
>> I am aware) so that it can be enabled with 'audit=1' on the command line.
> I couldn't find a definitive answer but the two documents I did find ¹²
> suggest that having selinux and audit fully functional (not just enabled) has
> no real performance impact.
> Kernel debugging options on the other side seem to have a much bigger impact.
> It raises a question mark that the two most important components of a system
> (systemd and the kernel) have security measures disabled.
> People in this thread like to put out the over subjective "lightweight" factor
> but still there are no bug reports or any other solid evidence that the kernel
> ate their computers since apparmor, selinux and audit were semi-silently
> enabled a few builds back.
Exactly my thoughts about this thread.
I'm very much for cleaning up the kernel config from things that
factually are useless.
Thanks for reading up everyone and keep trying to not step on each other's toes.