On Mon, 2002-10-28 at 17:45, nixnut wrote:
> Chris PeBenito wrote:
>
> >Mainly just try stuff to make sure your system still works. :) I needed
> >to make sure everything was ok, since I need to get people updated;
> >
> Ok, so far so good. Is there a reference gentoo-selinux platform? One
> that specifies which applications are supported (required)? That way we
> know what needs to work and thus what needs testing.

Not specifically, but mainly things to test are common stuff like:

* init loads policy on startup
* can login from console
* can login from ssh
* can newrole
* restart services

On a side note, there are a few new things in this release. run_init is
no longer needed, because we have integrated it into our init script
system (still needed on other distros). Also, there is a sestatus tool
that I wrote and contributed upstream. With no options, it gives you a
short status:

# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Policy version: 16

With a -v option, it checks the context of several files and processes,
in addition to the above. It can help in making sure contexts are
consistent:

Process contexts:
Current context: pebenito:sysadm_r:sysadm_t
Init context: system_u:system_r:init_t
/sbin/agetty system_u:system_r:getty_t
/usr/sbin/sshd system_u:system_r:sshd_t

File contexts:
Controlling term: pebenito:object_r:sysadm_devpts_t
/etc/passwd system_u:object_r:etc_t
/etc/shadow system_u:object_r:shadow_t
/bin/bash system_u:object_r:shell_exec_t
/bin/login system_u:object_r:login_exec_t
/bin/sh system_u:object_r:bin_t -> system_u:object_r:shell_exec_t
/sbin/agetty system_u:object_r:getty_exec_t
/sbin/init system_u:object_r:init_exec_t
/usr/sbin/sshd system_u:object_r:sshd_exec_t
/lib/libc.so.6 system_u:object_r:lib_t -> system_u:object_r:shlib_t
/lib/ld.so.1 system_u:object_r:lib_t -> system_u:object_r:ld_so_t

> Ok, I assume you know that the packages file in the new profile is
> rather empty? I tried to bootstrap a new system with it without looking
> at it first, so I was a bit surprised that emerge asked me to tell it
> what to do :-)

The file looks empty because of the new stacked profiles. The profile
that make.profile is linked to has several parent profiles that
eventually get to the base profile, which has a quite full packages
file :) However, it won't work right unless you have
>=portage-2.0.50-r2 installed.

--
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
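
An added example, not part of the original message and not code from the sestatus tool: one way to use the `sestatus -v` listing for the consistency check described above is to save it before an update and compare it afterwards. The function names `parse_contexts` and `drift` are hypothetical, the sample text is constructed from the output quoted in the message, and contexts are assumed to have the three-field user:role:type form shown there.

```python
import re

# Constructed sample in the shape of the `sestatus -v` output quoted in the message.
SAMPLE = """\
SELinux status: enabled
Current mode: enforcing

Process contexts:
Current context: pebenito:sysadm_r:sysadm_t
Init context: system_u:system_r:init_t
/sbin/agetty system_u:system_r:getty_t
/usr/sbin/sshd system_u:system_r:sshd_t

File contexts:
Controlling term: pebenito:object_r:sysadm_devpts_t
/etc/shadow system_u:object_r:shadow_t
/bin/sh system_u:object_r:bin_t -> system_u:object_r:shell_exec_t
/sbin/init system_u:object_r:init_exec_t
"""

# user:role:type, the three-field form shown in the message (assumed: no MLS field).
CONTEXT = re.compile(r"^[\w.-]+:[\w.-]+:[\w.-]+$")

def parse_contexts(text):
    """Map (section, name) -> (context, symlink_target_context or None)."""
    entries, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("contexts:"):            # "Process contexts:" / "File contexts:"
            section = line.split()[0].lower()
            continue
        if not line or section is None:           # blank line or short-status header
            continue
        left, _, target = line.partition(" -> ")  # symlink: link context -> target context
        parts = left.rsplit(None, 1)              # name may contain spaces, context never does
        if len(parts) != 2 or not CONTEXT.match(parts[1]):
            continue                              # not a "name context" row
        entries[(section, parts[0].rstrip(":"))] = (parts[1], target.strip() or None)
    return entries

def drift(baseline, current):
    """Entries whose context changed or vanished: [(key, expected, found), ...]."""
    return [(key, want, current.get(key))
            for key, want in sorted(baseline.items())
            if current.get(key) != want]

if __name__ == "__main__":
    before = parse_contexts(SAMPLE)
    after = parse_contexts(SAMPLE.replace("shadow_t", "etc_t"))  # constructed mislabel
    for (section, name), want, found in drift(before, after):
        print(f"{section} {name}: expected {want[0]}, found {found[0] if found else 'missing'}")
```
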