Talk:SELinux

From ArchWiki
Latest comment: 6 February 2014 by Genghizkhan91 in topic Custom Kernel Advice

Custom Kernel Advice

Under the section about Preparing the kernel the artile says:

"Warning: If you've built a custom kernel which is not linux-selinux (e.g. linux-ice or linux-pf), then the various packages which have to be compiled may fail to do so because of the linux-selinux dependency. Make sure to remove that dependency while compiling those packages. However, be careful that the options mentioned above are enabled in your kernel configuration."

Wouldn't it make more sense to advise people to properly set the provides and conflicts variables in their custom pkgbuild instead of manually removing a dependency from every other pkgbuild that relies on it? Tjwoosta (talk) 20:25, 7 December 2013 (UTC)Reply[reply]

Well, it actually does make more sense. The various SELinux packages should not depend upon this kernel (linux-selinux, that is). However, it really is the easiest solution to all this trouble. The packages assume that an SELinux enabled kernel is present on the system. However, the only kernel in both the official repos as well as the AUR to support SELinux out of the box is this kernel. I wrote that warning to remind people that they need to be running a kernel compiled with SELinux support. - Genghizkhan91 (talk) 07:09, 3 January 2014 (UTC)Reply[reply]

Regarding linux-selinux

There is no need for the package any more, methinks, seeing that the SELinux LSMs are enabled now in the kernel. Hence, I am changing the status of linux-selinux in Siosm's table to deprecated, seeing that the official kernel package now includes support for it by default. - Genghizkhan91 (talk) 07:05, 6 February 2014 (UTC)Reply[reply]

Regarding systemd-selinux

The last time I tried installing the latest systemd in the official repos (compiling it with selinux support, of course), I found there to exist an ordering cycle which does not exist normally (i.e. without selinux support compiled and the audit daemon). I wrote this warning for it:

Warning: Another way to install systemd is by getting the official PKGBUILD file and making the changes as shown above. However, as of the current version of systemd (204-2) in the official repos, running the audit daemon (auditd.service) causes the creation of an ordering cycle on basic.target causing certain sockets and services to fail. The current version of selinux-systemd in the AUR is 203-1 which has no problems of this sort.

Has this problem been resolved with the current version of systemd in the AUR? - Genghizkhan91 (talk) 07:13, 3 January 2014 (UTC)Reply[reply]

Regarding installation via AUR

Someone needs to do this and see if it works as written here or whether some of the steps (especially downgrading swig) are still required. - Genghizkhan91 (talk) 08:14, 3 January 2014 (UTC)Reply[reply]

This should not be required anymore. I've built the setools PKGBUILD against the current version of swig. I'll update this part as soon as I get a working system. Siosm (talk) 02:50, 18 January 2014 (UTC)Reply[reply]