Re: user namespaces




On Thu, 02 Feb 2017 11:49:38 -0500, Daniel Micay via arch-general wrote:
>On Thu, 2017-02-02 at 17:39 +0100, Ralf Mardorf wrote:
>> On Thu, 02 Feb 2017 11:22:28 -0500, Daniel Micay via arch-general
>> wrote:  
>> > The reason for SELinux and AppArmor not being enabled for linux or
>> > linux-grsec has to do with audit. If people were willing to do a
>> > bit of work, all of the MAC implementations rather than only
>> > grsecurity RBAC and TOMOYO could be available.  
>> 
>> IIUC Mark Shuttleworth offered manpower to enable a standard
>> mac-based security framework:
>> https://lists.ubuntu.com/archives/snapcraft/2017-January/002247.html  
>
>There's a need to improve audit or remove the dependency on it. If
>there was a kernel configuration option upstream to fully disable
>audit by default and avoid logging / performance / security issues
>from it then the kernel maintainers would likely be willing to enable
>it and the LSMs depending on it again. They were disabled due to the
>drawbacks of audit, combined with the lack of effort to actually use
>those LSMs on Arch. It is not simply a matter of people not stepping
>up to integrate the MACs but also the kernel requiring changes that
>our kernel maintainers are not willing to carry out-of-tree.

Hi,

Don't get me wrong, I'm not interested in this for my Arch Linux based
digital audio workstation. I only want to provide a pointer for the OP,
assuming the OP wants to add a kernel to the AUR.

Regards,
Ralf

-- 
PS: "linux-rt" is important to me
[rocketmouse@archlinux ~]$ cd /boot/; ls vm*
vmlinuz-linux  vmlinuz-linux-rt  vmlinuz-linux-rt-lts
vmlinuz-linux-rt-presonus  vmlinuz-linux-rt-rosaplüsch



