On Thu, Apr 7, 2011 at 6:46 AM, Thomas S Hatch <thatch45@xxxxxxxxx> wrote:
> On Wed, Apr 6, 2011 at 4:32 PM, Heiko Baums <lists@xxxxxxxxxxxxxxx> wrote:
>
>> On Wed, 6 Apr 2011 16:25:42 -0600
>> Thomas S Hatch <thatch45@xxxxxxxxx> wrote:
>>
>> > As for adding SELinux support in base but keeping it turned off by
>> > default, +1
>>
>> Then you mean adding it to [core]. (base) is supposed to be installed
>> on every system. And SELinux is definitely not necessary for a minimal
>> base Linux installation.
>>
>> Heiko
>>
>
> SELinux is a compile flag in the kernel and base utils, it is not required
> for a minimal system, but just adding the compile flags is a minor change
> and makes setting up more secure systems a possibility.
>
> I think that the only reason it is omitted is because most people are
> horrified by it, but if it is disabled by default then it is off and no one
> need know that support is compiled in.

I would just like to chime in and point out that if we want to allow
selinux, then we would need someone committed to supporting it. I have
never used it myself, but from what I hear it would need to be supported
by things like initscripts to be used properly.

If such support can be added elegantly and securely then I am not
opposed to it.

Cheers,

Tom