[arch-general] Revisiting the SELinux/audit question: Disabling audit on the kernel command line

SET nmset at netcourrier.com
Sun Feb 12 19:53:19 UTC 2017


Le dimanche 12 février 2017 18:43:22 CET Tobias Markus a écrit :
> I would be glad if Arch Linux's official kernel could support SELinux
> again this way!
>https://lists.archlinux.org/pipermail/arch-general/2014-March/035679.html

Thank you for the link you posted. I went through most of the discussion. This 
quote is what strikes me most :
https://lists.archlinux.org/pipermail/arch-general/2014-March/035658.html

>That they are disabled at runtime does not mean that they have no impact
>at runtime. At best, it's "only" a performance impact and at worst, it
>even causes problems.

Everything has already been discussed. The global conclusions seem to be :

Most users don't need SELinux/AppArmor or anything that protects them from 
themselves;
Implementing these features in the kernel may lead to more trouble than ease;
Arch kernel's devs and other devs are not ready for the tremendous tasks 
following such a decision;
These features can be compiled in personal kernels if required;
Arch devs do that on a voluntary basis and can't respond to all requests.

For me, I'm happy with Arch as it is, I'm happy the previous discussion led to 
the 'no need' conclusion, and I just want to voice I wish it goes on this way.

Regards.


More information about the arch-general mailing list