On Fri, Apr 8, 2011 at 8:17 AM, Nicky726 <Nicky726@xxxxxxxxx> wrote: > Dne pátek 08 dubna 2011 12:43:51 Kaiting Chen napsal(a): > > On Fri, Apr 8, 2011 at 3:44 AM, Jelle van der Waa <jelle@xxxxxxxx> > wrote: > > > And on a side note, I don't like archlinux forcing users to use SELinux > > > because users should have a choice to use any MAC software they want. > > > That's why AppArmor /Tomoyo are nicer solutions cause they don't > require > > > recompiling of packages -> increasing bugs/problems. > > > > If we compile our packages with SELinux support, does that force users to > > use SELinux? I was under the impression that these changes would be > > completely benign on non-SELinux enabled systems. --Kaiting. > > AFAIK selinux-userspace libraries then have to be installed, but SELinux > itself can be disabled in its main configuration file. > > BTW I maintain SELinux enabled "packages" in the AUR and for most of them > just > recompile is needed, for some though some patching has to be done. > > If I may add more to this SELinux related thread, I would like to aply for > TU > and bring SELinux packages to community in the summer, to make using > SELinux > easier. > > Nicky726 > > -- > Don't it always seem to go > That you don't know what you've got > Till it's gone > > (Joni Mitchell) > A lot of valid points have been made here :) Just to reiterate a few things. 1. Compiling in support for SELinux does not force a user to use it, it just makes it available 2. Adding SELinux enabled packages to community would be an excellent venue for enabling SELinux in a very benign way +1 3. Forcing core developers to maintain SELinux in their packages, as Allan has stated, would be problematic. 4. Adding the functionality to Community would allow us to flesh out SELinux problems and better gauge what problems would be involved in moving it to core, and how viable that process would be. Again, I don't want to sound like a madman on a soapbox screaming SELinux, and I had no intention to start this discussion when I mentioned this passively in the crazy cron thread :). But since it hit a nerve, I might as well comment :) -Thomas S Hatch
