Revisit official SELinux support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hi,

I'm wondering whether there was ever an actual discussion regarding the
SELinux support within Arch. I could only find a bug report from
September 2012 (see [1]), which was closed by Dave Reisner with kind of
a lame comment: "A million times no.".

After having dealt with SELinux on a couple of occasions I think that it
is real security enhancement worth the initial hassle of setting it up
properly (at least in a server environment).

Looking into the support for SELinux in Arch I think it is way too messy
to be actually used in practice (see [2]).

I wouldn't go so far to suggest to enable SELinux by default as proposed
in the bug report mentioned above, but I think it would actually make
sense to support it - more or less - officially. I'm thinking about a
model similar to the one implemented by Debian (see [3]). It basically
comes down to installing some default policies and enabling SELinux by
running a script.

This would, however, require at least the stock kernel to have support
for SELinux built-in by default. Are there any technical reasons for
this not being the case already?

I don't want this to become a discussion about the pros and cons of
SELinux (on a desktop system) in general. I'm just wondering whether it
would be feasible to implement "official" support for SELinux within
Arch. So, if possible, please keep it technical.

Best regards,
Karol Babioch

[1]: https://bugs.archlinux.org/task/31448
[2]: https://wiki.archlinux.org/index.php/SELinux
[3]: https://wiki.debian.org/SELinux/Setup	

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux