On Fri, 2004-11-05 at 10:11, Colin Walters wrote:
> On Fri, 2004-11-05 at 10:28 +0000, Luke Kenneth Casson Leighton wrote:
> > i would agree with stephen that it should be compiled in,
> > default options "selinux=no".
>
> I don't believe Stephen said that. He said that the performance hit in
> that case is just the LSM hooks.

Obviously, I'd prefer the default to be selinux=1, but as a temporary measure to getting SELinux compiled into the Debian kernel at all, I think it is reasonable to make the boot-time default selinux=0 in their kernel, as SuSE did with their kernel. You can change the default via a config option, no patch required anymore.

--
Stephen Smalley <[EMAIL PROTECTED]>
National Security Agency