On 12/19/2014 8:41 AM, Daniel J Walsh wrote: > Currently Symantec requires SELinux be disabled, claiming there is > conflicts in the kernel modules. > > http://www.symantec.com/connect/forums/does-scsp-agent-support-selinux Based on the fact they are also disparaging AppArmor and a couple of out-of-tree security modules, and that SELinux=permissive is not sufficient I'm assuming it's an out-of-tree security module. > > As the customer wants to take advantage of certain SELinux features > like sVirt for VMs and Docker Containers, this conflict is coming to a head. > > Is anyone familiar with whether or not this is a real conflict or just > something assumed by Symantec? > > The customer like Symantec's ability to do intrusion detection and > remote logging and configuration of CSB. > > Bottom line the customer wants both. It would help if someone from the SELinux community would comment on the v18 concurrent security modules patches. Moving that work forward is your best step toward getting what you need. Of course, v18 doesn't get you all the way, but it gets closer. > _______________________________________________ > Selinux mailing list > Selinux@xxxxxxxxxxxxx > To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. > To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx. > _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
