Re: Updated SELinux Release
On Fri, 2004-11-05 at 10:11, Colin Walters wrote:
> On Fri, 2004-11-05 at 10:28 +0000, Luke Kenneth Casson Leighton wrote:
> > i would agree with stephen that it should be compiled in,
> > default options "selinux=no".
>
> I don't believe Stephen said that. He said that the performance hit in
> that case is just the LSM hooks.
Obviously, I'd prefer the default to be selinux=1, but as a temporary
measure to getting SELinux compiled into the Debian kernel at all, I
think it is reasonable to make the boot-time default selinux=0 in their
kernel, as SuSE did with their kernel. You can change the default via a
config option, no patch required anymore.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
Reply to: