You are not logged in.
I wanted to install SElinux on my Arch installation. However, as I read the wiki page for it, I got the impression that it was either not ready enough for most users to attempt to use, or that it should only be tried by more experienced ones. The wiki page doesn't seem to be updated that often, either, which made me a bit wary.
1) First and foremost: Is anyone able to vouch if it is (mostly) ready to use? I'm not too sure if actually using it will be smooth, and will not have too many obstacles or caveats not listed on the wiki page.
2) Some parts of the wiki page seem to have implications for how stable and ready for use it is.
SELinux Userspace tools and libraries Implemented in AUR: https://aur.archlinux.org/packages/?O=0&K=selinux Work is done at https://github.com/archlinuxhardened/selinux
If I'm not mistaken, AUR packages are more likely to break and become out of date than official packages. Even though it is only the userland tools in the AUR, it can still create problems for my installation if the maintainers are not able to keep up with updates, correct? Along with that, they could break if the SElinux package itself makes a change that said userspace tool/library deals with. And final assumption, because SElinux is more critical and privileged, something going wrong could be catastrophic?
Summary of changes in AUR as compared to official core packages:
coreutils Need a rebuild with --with-selinux flag to link with libselinux
...
...
...
Searching the wiki, I could not find an article for rebuilding packages. Did I not search as well as I should have, or what is this list referring to?
SELinux Policy Work in progress, using Reference Policy as upstream
Policies are simply files specifying what a process is and is not allowed to have access to, right? So, there shouldn't be any strange behavior or caveats to implementing my own policies?
3) Will SElinux have any incompatibilities with packages or modules? For example, the run0-sudo-shim meant to replace sudo with run0 in more areas of the system, or the likes. I'm sure I am overthinking this, but I want to make sure.
4) Should I just save myself the trouble and use AppArmor instead? Part of the reason I want to use SElinux is due to the sheer number of packages that are dependent on the FUN that is python/javascript/rust remote libraries, as well as being cautious of AUR even with proactive measures.
Thank you!
Offline