Re: base stuff (was: Change Arch's default crond)




On Wed, Apr 6, 2011 at 7:53 PM, Tom Gundersen <teg@xxxxxxx> wrote:

> On Thu, Apr 7, 2011 at 6:46 AM, Thomas S Hatch <thatch45@xxxxxxxxx> wrote:
> > On Wed, Apr 6, 2011 at 4:32 PM, Heiko Baums <lists@xxxxxxxxxxxxxxx> wrote:
> >
> >> On Wed, 6 Apr 2011 16:25:42 -0600,
> >> Thomas S Hatch <thatch45@xxxxxxxxx> wrote:
> >>
> >> > As for adding SELinux support in base but keeping it turned off by
> >> > default, +1
> >>
> >> Then you mean adding it to [core]. (base) is supposed to be installed
> >> on every system. And SELinux is definitely not necessary for a minimal
> >> base Linux installation.
> >>
> >> Heiko
> >>
> >
> > SELinux is a compile flag in the kernel and base utils, it is not
> > required for a minimal system, but just adding the compile flags is a
> > minor change and makes setting up more secure systems a possibility.
> >
> > I think that the only reason it is omitted is because most people are
> > horrified by it, but if it is disabled by default then it is off and no
> > one need know that support is compiled in.
>
> I would just like to chime in and point out that if we want to allow
> selinux, then we would need someone committed to supporting it. I have
> never used it myself, but from what I hear it would need to be
> supported by things like initscripts to be used properly. If such
> support can be added elegantly and securely then I am not opposed to
> it.
>
> Cheers,
>
> Tom
>

I like to hear that, Tom!
Unfortunately many people think that having SELinux compiled in means that
it is running. Having SELinux compiled into the core utils and the kernel
but leaving it turned off has 0 negative effect on the system. Adding
support for SELinux into Arch does not in any way force anyone to use it; if
that were the case I would be 100% against it.

I will need to set up SELinux in my datacenters very soon, because it is a
very fundamental security layer. When I have it running I will give you all
of the patches that the initscripts may need and make sure that they are
non-intrusive.
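
The distinction drawn in the message above, between SELinux being compiled in and SELinux actually running, can be checked on a host. The following is an added example, not part of the original thread: the function names, state labels and fixture are this example's own, and it assumes the kernel registers `selinuxfs` only when SELinux is enabled at boot.

```shell
#!/bin/sh
# Classify SELinux as not-compiled / compiled-in-disabled / permissive / enforcing.
# Usage: selinux_state [ROOT] [KERNEL_CONFIG]
#   ROOT          prefix for /proc and /sys (default: the live system)
#   KERNEL_CONFIG plain or gzipped kernel config (default: ROOT/proc/config.gz)

# True if the kernel config enables SELinux support at build time.
selinux_compiled_in() {
    cfg="$1"
    [ -r "$cfg" ] || return 1
    case "$cfg" in
        *.gz) gzip -dc "$cfg" ;;
        *)    cat "$cfg" ;;
    esac | grep -q '^CONFIG_SECURITY_SELINUX=y$'
}

selinux_state() {
    root="${1:-}"
    cfg="${2:-$root/proc/config.gz}"
    # Assumption: selinuxfs is registered only when SELinux is active at boot,
    # so its absence from /proc/filesystems means "off", even if compiled in.
    if grep -qw selinuxfs "$root/proc/filesystems" 2>/dev/null; then
        # selinuxfs was mounted at /selinux on older systems.
        for f in "$root/sys/fs/selinux/enforce" "$root/selinux/enforce"; do
            [ -r "$f" ] || continue
            if [ "$(cat "$f")" = "1" ]; then echo enforcing; else echo permissive; fi
            return 0
        done
        echo enabled-unmounted
    elif selinux_compiled_in "$cfg"; then
        echo compiled-in-disabled
    else
        echo not-compiled
    fi
}

# Constructed fixture: a kernel built with SELinux support but booted with it off.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/proc"
    printf 'nodev\tsysfs\nnodev\tproc\n\text4\n' > "$d/proc/filesystems"
    printf 'CONFIG_SECURITY=y\nCONFIG_SECURITY_SELINUX=y\n' > "$d/config"
    selinux_state "$d" "$d/config"
    rm -rf "$d"
}
demo
```

Run with no arguments inside a script that sources it, `selinux_state` inspects the live system; a result of `compiled-in-disabled` is the state the message describes as having no effect on users who do not opt in.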

