So after reading this https://wiki.archlinux.org/title/SELinux I noticed that the SELinux userspace tools, libraries and policies are part of the AUR, because SELinux is not 100% supported in Arch. So my question is: if someone just installs the SELinux kernel module, will that do nothing because you need to install the userspace tools and libraries of SELinux from the AUR? Or does the kernel module by itself provide some security features of SELinux that are going to work in Arch?
Last edited by Succulent of your garden (2025-10-09 15:57:40)
str( @soyg ) == str( @potplant ) btw!
(I'm not an SELinux expert, I was forced to deal with it in getting RH certified which was a couple of years ago now)
AFAIK, without a proper "/etc/selinux/config" policy config, SELinux does nothing and behaves like a non-SELinux system. You need the userspace tools to enable/activate all of SELinux.
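To see which of the layers discussed above is actually present on a machine, this added example (not part of the thread or of the Arch wiki) reports the kernel LSM state, the runtime mode from selinuxfs, and the userspace config and compiled policy. The function name `selinux_layers` and its optional root-prefix argument are assumptions of this example, used so it can also be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: report which SELinux layers are present.
# $1 is an optional root prefix (hypothetical helper argument); empty = live system.

selinux_layers() {
    root="${1:-}"
    lsm_file="$root/sys/kernel/security/lsm"
    enforce_file="$root/sys/fs/selinux/enforce"
    conf="$root/etc/selinux/config"

    # Layer 1: is the SELinux LSM active in the running kernel?
    kernel=inactive
    if [ -r "$lsm_file" ] && tr ',' '\n' < "$lsm_file" | grep -qx selinux; then
        kernel=active
    fi

    # Layer 2: runtime mode, only visible once selinuxfs is mounted.
    mode=none
    if [ -r "$enforce_file" ]; then
        case "$(cat "$enforce_file")" in
            1) mode=enforcing ;;
            0) mode=permissive ;;
        esac
    fi

    # Layer 3: userspace configuration and a compiled policy to load.
    config=missing
    policy=missing
    if [ -r "$conf" ]; then
        config=$(sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$conf" | tail -n 1)
        ptype=$(sed -n 's/^SELINUXTYPE=\([A-Za-z0-9_-]*\).*/\1/p' "$conf" | tail -n 1)
        [ -n "$config" ] || config=unset
        if [ -n "$ptype" ] && ls "$root/etc/selinux/$ptype/policy/policy."* >/dev/null 2>&1; then
            policy=present
        fi
    fi

    echo "kernel=$kernel mode=$mode config=$config policy=$policy"
}

selinux_layers "$@"
```

A result such as `kernel=active` with `config=missing policy=missing` means the kernel side is there but the userspace side has not been set up.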
Thanks for letting me know that. I was thinking that but I was not sure. So are you using Tomoyo or AppArmor? What do you think about that? It seems that Tomoyo is more supported in Arch Linux.
Me personally? No, I don't use any of those. SELinux is featured prominently in Red Hat and is therefore part of the certification process, but it's complete overkill on my local Arch laptop, imo. For me, security is 99% human driven - knowing what you're connecting to / downloading and limiting your AUR packages to the absolute minimum, or at least knowing exactly what they're doing. And, yes, therefore I implicitly trust the official repos / upstream, but that's such a slippery slope: if someone can compromise the kernel, then why wouldn't they be able to compromise SELinux? However, I understand and respect why people run it.
Oh, and I'm old school - I still take regular backups of my data files to offline media.
Yep, I understand what you say. Thanks for the help! I'm going to check Tomoyo because I'm curious.