On 26-03-2014 19:18, Leonid Isaev wrote:
>> 1) Once we agreed to disable one LSM, everyone else said "we can enable
>> LSM XYZ, too". And so we did. Right now, we enable SELinux, SMACK,
>> Tomoyo, AppArmor and Yama, although we don't support the userspace for
>> any of those.
>>
>> I propose to drop all of them.
>
> I agree regarding SELinux/Apparmor (it's not only userspace tools, but also
> sane application policies that are missing).
>
> However, I don't think that Yama requires any userspace components, does it?
> Currently, I boot with "security=yama" and completely disabled non-admin
> ptrace (kernel.yama.ptrace_scope=2). Perhaps -ARCH kernels should keep Yama
> available albeit disabled by default (as they now do).
>

If the reason for dropping support is the lack of maintained userspace tools, then tomoyo does have tomoyo-tools in [community]. However, it requires the user to manage rules creation and maintenance.

-- 
Mauro Santos