[arch-general] Revisiting the SELinux/audit question: Disabling audit on the kernel command line
SET
nmset at netcourrier.com
Sun Feb 12 19:53:19 UTC 2017
Le dimanche 12 février 2017 18:43:22 CET Tobias Markus a écrit :
> I would be glad if Arch Linux's official kernel could support SELinux
> again this way!
>https://lists.archlinux.org/pipermail/arch-general/2014-March/035679.html
Thank you for the link you posted. I went through most of the discussion. This
quote is what strikes me most :
https://lists.archlinux.org/pipermail/arch-general/2014-March/035658.html
>That they are disabled at runtime does not mean that they have no impact
>at runtime. At best, it's "only" a performance impact and at worst, it
>even causes problems.
Everything has already been discussed. The global conclusions seem to be :
Most users don't need SELinux/AppArmor or anything that protects them from
themselves;
Implementing these features in the kernel may lead to more trouble than ease;
Arch kernel's devs and other devs are not ready for the tremendous tasks
following such a decision;
These features can be compiled in personal kernels if required;
Arch devs do that on a voluntary basis and can't respond to all requests.
For me, I'm happy with Arch as it is, I'm happy the previous discussion led to
the 'no need' conclusion, and I just want to voice I wish it goes on this way.
Regards.
More information about the arch-general
mailing list