[arch-general] base stuff
Thomas S Hatch
thatch45 at gmail.com
Fri Apr 8 11:17:46 EDT 2011
On Fri, Apr 8, 2011 at 8:17 AM, Nicky726 <Nicky726 at gmail.com> wrote:
> Dne pátek 08 dubna 2011 12:43:51 Kaiting Chen napsal(a):
> > On Fri, Apr 8, 2011 at 3:44 AM, Jelle van der Waa <jelle at vdwaa.nl>
> wrote:
> > > And on a side note, I don't like archlinux forcing users to use SELinux
> > > because users should have a choice to use any MAC software they want.
> > > That's why AppArmor /Tomoyo are nicer solutions cause they don't
> require
> > > recompiling of packages -> increasing bugs/problems.
> >
> > If we compile our packages with SELinux support, does that force users to
> > use SELinux? I was under the impression that these changes would be
> > completely benign on non-SELinux enabled systems. --Kaiting.
>
> AFAIK selinux-userspace libraries then have to be installed, but SELinux
> itself can be disabled in its main configuration file.
>
> BTW I maintain SELinux enabled "packages" in the AUR and for most of them
> just
> recompile is needed, for some though some patching has to be done.
>
> If I may add more to this SELinux related thread, I would like to aply for
> TU
> and bring SELinux packages to community in the summer, to make using
> SELinux
> easier.
>
> Nicky726
>
> --
> Don't it always seem to go
> That you don't know what you've got
> Till it's gone
>
> (Joni Mitchell)
>
A lot of valid points have been made here :) Just to reiterate a few things.
1. Compiling in support for SELinux does not force a user to use it, it just
makes it available
2. Adding SELinux enabled packages to community would be
an excellent venue for enabling SELinux in a very benign way +1
3. Forcing core developers to maintain SELinux in their packages, as Allan
has stated, would be problematic.
4. Adding the functionality to Community would allow us to flesh out SELinux
problems and better gauge what problems would be involved in moving it to
core, and how viable that process would be.
Again, I don't want to sound like a madman on a soapbox screaming SELinux,
and I had no intention to start this discussion when I mentioned this
passively in the crazy cron thread :). But since it hit a nerve, I might as
well comment :)
-Thomas S Hatch
More information about the arch-general
mailing list