List Archive: gentoo-dev
Headers:
To: gentoo-dev@g.o
From: "Anthony G. Basile" <basile@...>
Subject: Re: Adding a new selinux profile to default/linux/{amd64,x86}/10.0
Date: Wed, 07 Dec 2011 19:16:16 -0500
On 12/07/2011 01:44 PM, Mike Frysinger wrote:
> On Wednesday 07 December 2011 09:07:41 Anthony G. Basile wrote:
>> Some time ago the selinux team restructured the selinux profiles and
>> made a features/selinux which could be stacked on the hardened profiles
>> for x86/amd64.  At that time I also tested and found that it stacked
>> fine on default/linux/{amd64,x86}/10.0.  I'm emailing the list to see if
>> there's any reason why we shouldn't add
>> default/linux/{amd64,x86}/10.0/selinux.  Currently I prefer adding it
>> directly to 10.0 rather than 10.0/server because the status of the latter
>> is uncertain.  Selinux on the desktops is not being strongly supported
>> so it's not appropriate there either, leaving only 10.0/selinux.  If
>> added eselect profile list would show
>>
>>   [1]   default/linux/amd64/10.0
>>   [2]   default/linux/amd64/10.0/selinux
>>   [3]   default/linux/amd64/10.0/desktop
>>   [4]   default/linux/amd64/10.0/desktop/gnome
>>   [5]   default/linux/amd64/10.0/desktop/kde
>>   [6]   default/linux/amd64/10.0/developer
>>   [7]   default/linux/amd64/10.0/no-multilib
>>   [8]   default/linux/amd64/10.0/server
>>   [9]   hardened/linux/amd64 *
>>   [10]   hardened/linux/amd64/selinux
>>   [11]  hardened/linux/amd64/no-multilib
>>   [12]  hardened/linux/amd64/no-multilib/selinux
> 
> we have the selinux/ root.  is that no longer necessary ?
> -mike

We deprecated that when we moved to the features/selinux.  The point was
to avoid duplication and maintain all selinux profile stuff in one
place, then just stack it on top of other profiles like we did with [10]
and [12] above.  We now want to extend it to [2].

-- 
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197


Updated Jun 29, 2012
