On Wed, 22 May 2019, Laurent Bigonville wrote: > So let's be it clear for the record. I'll personally oppose all patches that > would undermine the consistency and the experience of using SELinux in debian.
Erm… all the patch does is move the SELinux call into a separate executable so that init itself does not need to be linked against those libraries and doesn’t need to keep them resident (and will not be affected by flaws in those libraries, keeping the attack surface small, unlike *cough* others). As long as that other executable will end up in the same binary package in Debian, there will be no user-visible change save for saving some RAM. (I’m not quite convinced the effort is worth it, but given that this would be changed upstream, and that there are likely other users of the same upstream code who’re _not_ using SELinux, this would be very welcomed by those, so I’m okay with it.) bye, //mirabilos -- tarent solutions GmbH Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/ Tel: +49 228 54881-393 • Fax: +49 228 54881-235 HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941 Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg ********** Mit der tarent Academy bieten wir auch Trainings und Schulungen in den Bereichen Softwareentwicklung, Agiles Arbeiten und Zukunftstechnologien an. Besuchen Sie uns auf www.tarent.de/academy. Wir freuen uns auf Ihren Kontakt. **********

