Hello, guys, I noticed this discussion about SELinux just now... as a current maintainer of SELinux packages in the AUR, let me react. First of all, since I have been very busy lately, I didn't have time to keep the AUR packages up-to-date, and the prospects in the near future don't look very good... So, if there is a willing hand among you, I can pass the maintanence to you, together with offline git repos and scripts I use to keep the packages in sync with [core], if that is of any help to you. Now, to the support of SELinux... To enable it, there are 1) certain changes needed in [core] packages; 2) addition of new packages from SELinux-userspace project; and finally 3) changes in SELinux policy to fit the Arch. 1) as for changes in [core] packages... these are ussually just build options, sometimes a patch is needed from Fedora, which is ususally upstreamed in the next-or-so version. From currently used packages: coreutils cronie findutils linux logrotate openssh pam psmisc shadow sudo systemd util-linux, in their out-of-date state only findutils, pam, and psmisc use those patches. The case of pam is more complicated, since Arch uses pam_unix2, which is not used in Fedora, causing the patch being harder to come by. 2) as for SELinux-userspace and others, the biggest issue is the changes needed due to python3/python2, and setools which is a mess. 3) as for the policy, I never really got there deep enough, but it seems that especially labelling paths have to be changed to respect the status in Arch, so probably a new Arch SELinux policy should be created and maintained based on Refpolicy or Fedora policy with lots of patching of .fc files. Also, for reasons unknown to me, selinux-usr-checkpolicy has to be build with legacy version of flex to successfully build SELinux policy. Hope, this is of some help... Regards, Nicky -- Don't it always seem to go That you don't know what you've got Till it's gone (Joni Mitchell)
