selinux vs grsecurity

Archaic archaic at
Thu Aug 5 11:11:20 PDT 2004

On Thu, Aug 05, 2004 at 07:36:36PM +0200, Laurens Blankers wrote:
> I see current HLFS uses the grsecurity kernel patches, but if I remember 
> correctly it used selinux in the past.

No. SELinux was never incorporated in the past. And we aren't using the
ACL functionality of GRsec at the moment. Both are planned, but which
would fit the book's design goals the best is not decided.

> Could someone be so good as to tell me the pros and cons of both kernels?

Neither are kernels. They are system-wide additions of functionality.
Your best bet would be to read the homepages for both projects, and get
on the mailing lists. If you are serious about hammering out an SELinux
LFS, feel free to post notes and comments here, as it will be a tedious
and long job. Robert was working on it, but I the toolchain took first
priority, so I think he backed off it for the time being.


[W]hat country can preserve its liberties, if its rulers are not warned
from time to time that [the] people preserve the spirit of resistance?
Let them take arms...The tree of liberty must be refreshed from time to
time, with the blood of patriots and tyrants.

- Thomas Jefferson, letter to Col. William S. Smith, 1787

More information about the hlfs-dev mailing list