On Mon, Oct 28, 2013 at 7:39 PM, Karol Babioch <karol@xxxxxxxxxx> wrote: > Hi, > > I'm wondering whether there was ever an actual discussion regarding the > SELinux support within Arch. I could only find a bug report from > September 2012 (see [1]), which was closed by Dave Reisner with kind of > a lame comment: "A million times no.". > > After having dealt with SELinux on a couple of occasions I think that it > is real security enhancement worth the initial hassle of setting it up > properly (at least in a server environment). > > Looking into the support for SELinux in Arch I think it is way too messy > to be actually used in practice (see [2]). > > I wouldn't go so far to suggest to enable SELinux by default as proposed > in the bug report mentioned above, but I think it would actually make > sense to support it - more or less - officially. I'm thinking about a > model similar to the one implemented by Debian (see [3]). It basically > comes down to installing some default policies and enabling SELinux by > running a script. > > This would, however, require at least the stock kernel to have support > for SELinux built-in by default. Are there any technical reasons for > this not being the case already? > > I don't want this to become a discussion about the pros and cons of > SELinux (on a desktop system) in general. I'm just wondering whether it > would be feasible to implement "official" support for SELinux within > Arch. So, if possible, please keep it technical. > > Best regards, > Karol Babioch > > [1]: https://bugs.archlinux.org/task/31448 > [2]: https://wiki.archlinux.org/index.php/SELinux > [3]: https://wiki.debian.org/SELinux/Setup > > I sended request for the reopening of my bug report. جاك الفضة
