On Thu, 02 Feb 2017 11:49:38 -0500, Daniel Micay via arch-general wrote: >On Thu, 2017-02-02 at 17:39 +0100, Ralf Mardorf wrote: >> On Thu, 02 Feb 2017 11:22:28 -0500, Daniel Micay via arch-general >> wrote: >> > The reason for SELinux and AppArmor not being enabled for linux or >> > linux-grsec has to do with audit. If people were willing to do a >> > bit of work, all of the MAC implementations rather than only >> > grsecurity RBAC and TOMOYO could be available. >> >> IIUC Mark Shuttleworth offered manpower to enable a standard >> mac-based security framework: >> https://lists.ubuntu.com/archives/snapcraft/2017-January/002247.html > >There's a need to improve audit or remove the dependency on it. If >there was a kernel configuration option upstream to fully disable >audit by default and avoid logging / performance / security issues >from it then the kernel maintainers would likely be willing to enable >it and the LSMs depending on it again. They were disabled due to the >drawbacks of audit, combined with the lack of effort to actually use >those LSMs on Arch. It is not simply a matter of people not stepping >up to integrate the MACs but also the kernel requiring changes that >our kernel maintainers are not willing to carry out-of-tree. Hi, don't get me wrong, I'm not interested in this for my Arch Linux based digital audio workstation. I only want to provide a pointer for the OP, assuming the OP wants to add a kernel to the AUR. Regards, Ralf -- PS: "linux-rt" is important to me [rocketmouse@archlinux ~]$ cd /boot/; ls vm* vmlinuz-linux vmlinuz-linux-rt vmlinuz-linux-rt-lts vmlinuz-linux-rt-presonus vmlinuz-linux-rt-rosaplüsch
