Arch Linux


FS#42910 - [linux] consider re-enabling TOMOYO / SMACK as they don't depend on AUDIT

Attached to Project: Arch Linux
Opened by Daniel Micay (thestinger) - Wednesday, 26 November 2014, 12:09 GMT
Last edited by Thomas Bächler (brain0) - Saturday, 30 July 2016, 12:27 GMT
Task Type Feature Request
Category Packages: Core
Status Assigned
Assigned To Tobias Powalowski (tpowa)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 17
Private No


Here's the thread where the decision was made to remove these:

SELinux and AppArmor require CONFIG_AUDIT=y, which makes enabling them an intrusive change with an impact on everyone. I agree with keeping those disabled until upstream provides a way to fully disable audit by default.

However, SMACK and TOMOYO don't have the hard dependency on CONFIG_AUDIT=y and are built as entirely optional modules. Enabling these has no impact on people who aren't opting in to using them beyond an insignificant increase in the package size.

The TOMOYO tools were included in the repositories when it was disabled, and I'm interested in moving them back.

I'm not interested in SMACK, but there are packages for it in the AUR and the current lack of interest in them likely has to do with the need to keep recompiling the kernel whenever it updates... I don't see a good reason to make life harder for people who want to use it.

Comment by Doug Newgard (Scimmia) - Wednesday, 26 November 2014, 21:35 GMT
This is mostly a duplicate of FS#39852, but I'll let the maintainers make that call.
Comment by Daniel Micay (thestinger) - Wednesday, 26 November 2014, 22:56 GMT
I don't think it's a duplicate. It wasn't clear that these were fully modular from that issue report. The rationale for disabling these features was to get rid of non-optional, invasive features like CONFIG_AUDIT which has a significant performance impact and adds useless nonsense to the kernel logs. SELinux and AppArmor had to go as they have a hard dependency on it but removing these was actually unnecessary. As long as the default security model is left as DAC there's no impact on people who aren't opting in.

Technical decisions should be re-evaluated when new information comes to light. I've verified that TOMOYO works fine without audit support enabled, although it does have the ability to use it for logging enhancements.
Comment by Daniel Micay (thestinger) - Wednesday, 26 November 2014, 22:58 GMT
Arch is enabling the LSM framework to get the very useful ptrace_scope feature from Yama anyway.
Comment by Xan (xan) - Monday, 22 June 2015, 13:18 GMT
Perhaps the same could be done with AppArmor, because it only needs


Comment by Daniel Micay (thestinger) - Monday, 22 June 2015, 13:38 GMT
Enabling it will turn on AUDIT:

config SECURITY_APPARMOR
	bool "AppArmor support"
	depends on SECURITY && NET
	select AUDIT
	default n
	help
	  This enables the AppArmor security module.
	  Required userspace tools (if they are not included in your
	  distribution) and further information may be found at

	  If you are unsure how to answer this question, answer N.
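The thread above turns on which kernel config symbols are set: whether CONFIG_AUDIT is forced on by `select AUDIT`, and whether TOMOYO, SMACK and Yama are built as optional LSMs without it. The following script is an added example, not part of this tracker ticket or of Arch's packaging, for checking a kernel's own configuration against those points. It reads `/proc/config.gz` when the running kernel exposes it and otherwise falls back to a constructed sample config embedded in the script (the sample values are made up for illustration). The `active_lsms` and `ptrace_scope` helpers read `/sys/kernel/security/lsm` and `/proc/sys/kernel/yama/ptrace_scope`, which exist only on kernels with securityfs and Yama available; they report "unavailable" otherwise.

```shell
#!/bin/sh
# Added example (not from the ticket): inspect kernel config for the LSM and
# audit options discussed above, and check the Kconfig constraint that
# SELinux/AppArmor imply CONFIG_AUDIT=y ("select AUDIT" in the quoted snippet).

# Constructed sample config fragment, used when /proc/config.gz is not readable.
SAMPLE_CONFIG='CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_YAMA=y
# CONFIG_SECURITY_SELINUX is not set
# CONFIG_SECURITY_APPARMOR is not set
CONFIG_SECURITY_TOMOYO=y
CONFIG_SECURITY_SMACK=y
# CONFIG_AUDIT is not set
CONFIG_DEFAULT_SECURITY_DAC=y'

# config_value NAME CONFIG_TEXT -> prints y, m or n (n when the symbol is unset).
# The trailing '=' in the pattern keeps SECURITY from matching SECURITYFS.
config_value() {
    name=$1
    text=$2
    v=$(printf '%s\n' "$text" | sed -n "s/^CONFIG_${name}=\(.*\)\$/\1/p")
    if [ -z "$v" ]; then echo n; else echo "$v"; fi
}

# lsm_report CONFIG_TEXT -> one "SYMBOL=value" line per option of interest.
lsm_report() {
    text=$1
    for opt in AUDIT SECURITY SECURITY_SELINUX SECURITY_APPARMOR \
               SECURITY_TOMOYO SECURITY_SMACK SECURITY_YAMA; do
        printf '%s=%s\n' "$opt" "$(config_value "$opt" "$text")"
    done
}

# audit_consistent CONFIG_TEXT -> exit 0 when every enabled audit-dependent LSM
# (SELinux, AppArmor) has AUDIT=y alongside it, exit 1 otherwise. TOMOYO and
# SMACK are deliberately not checked: they carry no such dependency.
audit_consistent() {
    text=$1
    audit=$(config_value AUDIT "$text")
    for opt in SECURITY_SELINUX SECURITY_APPARMOR; do
        v=$(config_value "$opt" "$text")
        if [ "$v" != n ] && [ "$audit" != y ]; then
            return 1
        fi
    done
    return 0
}

# load_config -> the running kernel's config if exposed, else the sample.
load_config() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    else
        printf '%s\n' "$SAMPLE_CONFIG"
    fi
}

# active_lsms -> the LSMs the running kernel actually initialised.
active_lsms() {
    if [ -r /sys/kernel/security/lsm ]; then
        cat /sys/kernel/security/lsm
    else
        echo unavailable
    fi
}

# ptrace_scope -> current Yama ptrace_scope sysctl, if Yama is present.
ptrace_scope() {
    if [ -r /proc/sys/kernel/yama/ptrace_scope ]; then
        cat /proc/sys/kernel/yama/ptrace_scope
    else
        echo unavailable
    fi
}

main() {
    cfg=$(load_config)
    lsm_report "$cfg"
    if audit_consistent "$cfg"; then
        echo "audit dependency: consistent"
    else
        echo "audit dependency: an audit-dependent LSM is enabled without CONFIG_AUDIT=y"
    fi
    echo "active LSMs: $(active_lsms)"
    echo "yama ptrace_scope: $(ptrace_scope)"
}

# Run the report only when executed directly, not when sourced.
case "$0" in */sh|sh|*/bash|bash|*/dash|dash) ;; *) main ;; esac
```

On a kernel with the configuration the ticket asks for (TOMOYO and SMACK built, AUDIT off, DAC as default), the report shows the two LSMs available and the audit dependency check passing; on a kernel built with AppArmor or SELinux, the check only passes when `CONFIG_AUDIT=y` is also present, which is exactly the coupling the quoted Kconfig enforces.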