Gentoo Archives: gentoo-commits

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-docs:master commit in: html/selinux/
Date: Tue, 31 May 2011 20:28:38
Message-Id: b53fa7fbcbed84ecd3eacba62a2b009f5fda7216.SwifT@gentoo
1 commit: b53fa7fbcbed84ecd3eacba62a2b009f5fda7216
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Tue May 31 20:26:03 2011 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Tue May 31 20:26:03 2011 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=b53fa7fb
7
8 Updating previews
9
10 ---
11 html/selinux/hb-appendix-reference.html | 22 +++++++++++++++++++++-
12 html/selinux/hb-using-commands.html | 20 ++++++++++++++++----
13 html/selinux/hb-using-install.html | 9 +--------
14 3 files changed, 38 insertions(+), 13 deletions(-)
15
16 diff --git a/html/selinux/hb-appendix-reference.html b/html/selinux/hb-appendix-reference.html
17 index 9743573..986c98f 100644
18 --- a/html/selinux/hb-appendix-reference.html
19 +++ b/html/selinux/hb-appendix-reference.html
20 @@ -63,9 +63,29 @@
21 O'Reilly Media, 2004; ISBN 0596007167
22 </li>
23 </ul>
24 +<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
25 + </span>Gentoo Specific Resources</p>
26 +<p class="secthead"><a name="doc_chap1_sect1">Gentoo Hardened</a></p>
27 +<p>
28 +The following resources are specific towards Gentoo Hardened's SELinux
29 +implementation.
30 +</p>
31 +<ul>
32 + <li>
33 + <a href="selinux-faq.html">SELinux Frequently Asked
34 + Questions</a>
35 + </li>
36 + <li>
37 + <a href="selinux-development.html">SELinux Development
38 + Guidelines</a>
39 + </li>
40 + <li>
41 + <a href="selinux-policy.html">SELinux Policy</a>
42 + </li>
43 +</ul>
44 </td>
45 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
46 -<tr><td class="topsep" align="center"><p class="alttext">Updated January 7, 2011</p></td></tr>
47 +<tr><td class="topsep" align="center"><p class="alttext">Updated May 31, 2011</p></td></tr>
48 <tr lang="en"><td align="center" class="topsep">
49 <p class="alttext"><b>Donate</b> to support our development efforts.
50 </p>
51
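Review bot: the added chapter reuses anchor name `doc_chap1` and the chapter number "1." even though the resources list that this hunk appends to (line 63 onward) is already inside an earlier chapter, so the in-page link for "chapter 1" becomes ambiguous; since these HTML files are generated previews, the fix belongs in the GuideXML source or its renderer rather than here. Also worth checking that the three relative targets (selinux-faq.html, selinux-development.html, selinux-policy.html) actually exist under html/selinux/, since none of them is part of this commit.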
52 diff --git a/html/selinux/hb-using-commands.html b/html/selinux/hb-using-commands.html
53 index 50642a5..d9b6904 100644
54 --- a/html/selinux/hb-using-commands.html
55 +++ b/html/selinux/hb-using-commands.html
56 @@ -262,8 +262,14 @@ system_u system_u
57 </table>
58 <p>
59 The default behavior is that users are logged on as the <span class="emphasis">user_u</span> SELinux
60 -user. If you want to allow another user (say <span class="code" dir="ltr">anna</span>) to log on as
61 -<span class="code" dir="ltr">staff_u</span>:
62 +user. This SELinux user is a non-administrator user: it has no specific
63 +privileges and should be used for every account that never requires elevated
64 +privileges (so no <span class="code" dir="ltr">su</span> or <span class="code" dir="ltr">sudo</span> rights for anything).
65 +</p>
66 +<p>
67 +The account you use to administer your system should be mapped to the
68 +<span class="code" dir="ltr">staff_u</span> SELinux user (or its own user with the appropriate roles). This
69 +can be accomplished as follows (example with the Unix account <span class="emphasis">anna</span>):
70 </p>
71 <a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
72 <tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Letting 'anna' log on as 'staff_u'</p></td></tr>
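Review bot: missing documentation: the new paragraph tells the reader to map the administrative account to `staff_u`, but neither it nor the listing that follows says that a `semanage login` mapping is applied at login time, so a session that is already running as `user_u` keeps that context until the user logs out and back in; one sentence after the listing would cover it. Minor style point: the generated title "Code Listing1.1" is missing the space before the number.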
73 @@ -271,8 +277,14 @@ user. If you want to allow another user (say <span class="code" dir="ltr">anna</
74 ~# <span class="code-input">semanage login -a -s staff_u anna</span>
75 </pre></td></tr>
76 </table>
77 +<table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#ffffbb"><p class="note"><b>Important: </b>
78 +Make sure that whatever account you use to administer your system is mapped to
79 +the <span class="code" dir="ltr">staff_u</span> user, or has the ability to switch to the <span class="code" dir="ltr">sysadm_r</span>
80 +role. Portage only works from within the <span class="code" dir="ltr">sysadm_r</span> role.
81 +</p></td></tr></table>
82 <p>
83 -SELinux users then can be configured to belong to one or more roles.
84 +As mentioned, SELinux users are configured to be able to join in on one or more
85 +roles. To list the available roles, you can use <span class="code" dir="ltr">semanage user -l</span>:
86 </p>
87 <a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
88 <tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Listing login / role mappings</p></td></tr>
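Review bot: the new sentence and the listing title disagree: line 85 says `semanage user -l` is used "to list the available roles", but the listing that follows is titled "Listing login / role mappings", which is what `semanage login -l` shows; `semanage user -l` lists SELinux users together with the roles they may use, not the Unix-login-to-SELinux-user mappings. Either reword the sentence to "lists the SELinux users and the roles they can use" or change the title and command to match. Also the `<a name="doc_chap1_pre1">` before this listing duplicates the anchor used for Code Listing 1.1 in the previous hunk, so two listings in this file share one id.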
89 @@ -340,7 +352,7 @@ require you to enter the regular users' password.
90 </p>
91 </td>
92 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
93 -<tr><td class="topsep" align="center"><p class="alttext">Updated April 22, 2011</p></td></tr>
94 +<tr><td class="topsep" align="center"><p class="alttext">Updated May 31, 2011</p></td></tr>
95 <tr lang="en"><td align="center" class="topsep">
96 <p class="alttext"><b>Donate</b> to support our development efforts.
97 </p>
98
99 diff --git a/html/selinux/hb-using-install.html b/html/selinux/hb-using-install.html
100 index 6b41e61..2ce4dfe 100644
101 --- a/html/selinux/hb-using-install.html
102 +++ b/html/selinux/hb-using-install.html
103 @@ -119,13 +119,6 @@ the following settings to the right file (for instance
104 <a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
105 <tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: SELinux ~arch packages</p></td></tr>
106 <tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
107 -sys-libs/libselinux
108 -sys-apps/policycoreutils
109 -sys-libs/libsemanage
110 -sys-libs/libsepol
111 -app-admin/setools
112 -dev-python/sepolgen
113 -sys-apps/checkpolicy
114 sec-policy/*
115 =sys-process/vixie-cron-4.1-r11
116 </pre></td></tr>
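Review bot: the commit message "Updating previews" does not say why seven packages (sys-libs/libselinux through sys-apps/checkpolicy) are dropped from the ~arch keyword list; if they have been stabilized, state that in the message, because readers on an older tree will otherwise be left without the keywords they need. The listing title "SELinux ~arch packages" and the lead-in above line 119 ("add the following settings to the right file") still present the list as the complete set to unmask, so verify that no surrounding prose still refers to the removed packages.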
117 @@ -586,7 +579,7 @@ made.
118 </p>
119 </td>
120 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
121 -<tr><td class="topsep" align="center"><p class="alttext">Updated May 14, 2011</p></td></tr>
122 +<tr><td class="topsep" align="center"><p class="alttext">Updated May 31, 2011</p></td></tr>
123 <tr lang="en"><td align="center" class="topsep">
124 <p class="alttext"><b>Donate</b> to support our development efforts.
125 </p>