[arch-general] Revisiting the SELinux/audit question: Disabling audit on the kernel command line
nmset at netcourrier.com
nmset at netcourrier.com
Mon Feb 13 16:35:38 UTC 2017
Le lundi 13 février 2017 16:26:46 CET Tobias Markus a écrit :
> Enabling the audit/SELinux
> config option in itself is not really a maintenance burden.
Userspace tools, SE policies... the 'users interested in trying out SELinux'
won't do that.
>but wouldn't you agree that the Wiki page asking you to compile
>your own kernel first somewhat hinders users interested in trying out SELinux?
A huge interest will lead them to build from scratch.
>I don't think that the theoretical next step in Arch Linux SELinux
>support, i.e. userspace tools in [community]/[extra], could ever be
reasonably
>done if the actual kernel does not support SELinux.
The theoretical next step is not a natural move. Arch users do not have
military grade security needs. Even sensitive industries like power plants, or
less sensitive businesses like the post office, won't use a bleeding edge distro
like Arch.
Regards.
More information about the arch-general
mailing list