[arch-general] user namespaces
Ralf Mardorf
silver.bullet at zoho.com
Thu Feb 2 17:04:56 UTC 2017
On Thu, 02 Feb 2017 11:49:38 -0500, Daniel Micay via arch-general wrote:
>On Thu, 2017-02-02 at 17:39 +0100, Ralf Mardorf wrote:
>> On Thu, 02 Feb 2017 11:22:28 -0500, Daniel Micay via arch-general
>> wrote:
>> > The reason for SELinux and AppArmor not being enabled for linux or
>> > linux-grsec has to do with audit. If people were willing to do a
>> > bit of work, all of the MAC implementations rather than only
>> > grsecurity RBAC and TOMOYO could be available.
>>
>> IIUC Mark Shuttleworth offered manpower to enable a standard
>> mac-based security framework:
>> https://lists.ubuntu.com/archives/snapcraft/2017-January/002247.html
>
>There's a need to improve audit or remove the dependency on it. If
>there was a kernel configuration option upstream to fully disable
>audit by default and avoid logging / performance / security issues
>from it then the kernel maintainers would likely be willing to enable
>it and the LSMs depending on it again. They were disabled due to the
>drawbacks of audit, combined with the lack of effort to actually use
>those LSMs on Arch. It is not simply a matter of people not stepping
>up to integrate the MACs but also the kernel requiring changes that
>our kernel maintainers are not willing to carry out-of-tree.
Hi,
don't get me wrong, I'm not interested in this for my Arch Linux based
digital audio workstation. I only want to provide a pointer for the OP,
assuming the OP wants to add a kernel to the AUR.
Regards,
Ralf
--
PS: "linux-rt" is important to me
[rocketmouse at archlinux ~]$ cd /boot/; ls vm*
vmlinuz-linux vmlinuz-linux-rt vmlinuz-linux-rt-lts
vmlinuz-linux-rt-presonus vmlinuz-linux-rt-rosaplüsch