[arch-general] Revisit official SELinux support

جاك الفضة jacksilver045 at gmail.com
Fri Nov 1 07:55:24 EDT 2013


On Mon, Oct 28, 2013 at 7:39 PM, Karol Babioch <karol at babioch.de> wrote:

> Hi,
>
> I'm wondering whether there was ever an actual discussion regarding the
> SELinux support within Arch. I could only find a bug report from
> September 2012 (see [1]), which was closed by Dave Reisner with kind of
> a lame comment: "A million times no.".
>
> After having dealt with SELinux on a couple of occasions I think that it
> is real security enhancement worth the initial hassle of setting it up
> properly (at least in a server environment).
>
> Looking into the support for SELinux in Arch I think it is way too messy
> to be actually used in practice (see [2]).
>
> I wouldn't go so far to suggest to enable SELinux by default as proposed
> in the bug report mentioned above, but I think it would actually make
> sense to support it - more or less - officially. I'm thinking about a
> model similar to the one implemented by Debian (see [3]). It basically
> comes down to installing some default policies and enabling SELinux by
> running a script.
>
> This would, however, require at least the stock kernel to have support
> for SELinux built-in by default. Are there any technical reasons for
> this not being the case already?
>
> I don't want this to become a discussion about the pros and cons of
> SELinux (on a desktop system) in general. I'm just wondering whether it
> would be feasible to implement "official" support for SELinux within
> Arch. So, if possible, please keep it technical.
>
> Best regards,
> Karol Babioch
>
> [1]: https://bugs.archlinux.org/task/31448
> [2]: https://wiki.archlinux.org/index.php/SELinux
> [3]: https://wiki.debian.org/SELinux/Setup
>
>
I sended request for the reopening of my bug report.

 جاك الفضة


More information about the arch-general mailing list