| 1 |
commit: e166a946c4e0e78deda5eb4ef5ff7efdfad31b45 |
| 2 |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
| 3 |
AuthorDate: Sun Feb 6 19:50:50 2011 +0000 |
| 4 |
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
| 5 |
CommitDate: Sun Feb 6 19:50:50 2011 +0000 |
| 6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=e166a946 |
| 7 |
|
| 8 |
Most of hardened-dev is moved to official Portage, so update docs to reflect this |
| 9 |
|
| 10 |
--- |
| 11 |
xml/selinux/hb-using-install.xml | 43 ++++++++++++++++++++++++++++--------- |
| 12 |
1 files changed, 32 insertions(+), 11 deletions(-) |
| 13 |
|
| 14 |
diff --git a/xml/selinux/hb-using-install.xml b/xml/selinux/hb-using-install.xml |
| 15 |
index d341941..9d72e36 100644 |
| 16 |
--- a/xml/selinux/hb-using-install.xml |
| 17 |
+++ b/xml/selinux/hb-using-install.xml |
| 18 |
@@ -8,7 +8,7 @@ |
| 19 |
|
| 20 |
<sections> |
| 21 |
<version>0</version> |
| 22 |
-<date>2011-01-16</date> |
| 23 |
+<date>2011-02-06</date> |
| 24 |
|
| 25 |
<section> |
| 26 |
<title>Installing Gentoo Hardened</title> |
| 27 |
@@ -60,18 +60,14 @@ system is 512 byte. Since the default is 256, you will need to run the |
| 28 |
<title>Installing the Hardened Development Overlay</title> |
| 29 |
<body> |
| 30 |
|
| 31 |
-<warn> |
| 32 |
-The current SELinux ebuilds and packages in the official Portage tree are not |
| 33 |
-sufficient to get SELinux working. The Gentoo Hardened team is working hard to |
| 34 |
-get the SELinux related packages in good shape and is using the |
| 35 |
-<c>hardened-development</c> overlay as the current development repository. As |
| 36 |
-documentation is equally important as packages, this book is already written |
| 37 |
-taking this overlay in mind. Once the packages are migrated to the stable |
| 38 |
-Portage tree, the documentation will be updated accordingly. |
| 39 |
-</warn> |
| 40 |
+<p> |
| 41 |
+Although optional, we recommend to enable the <c>hardened-development</c> |
| 42 |
+overlay. The state of SELinux within Gentoo Hardened is still undergoing |
| 43 |
+major development. |
| 44 |
+</p> |
| 45 |
|
| 46 |
<p> |
| 47 |
-Now install <c>app-portage/layman</c> and add the <c>hardened-development</c> |
| 48 |
+Install <c>app-portage/layman</c> and add the <c>hardened-development</c> |
| 49 |
overlay. This overlay uses a git repository, so either install <c>git</c> as |
| 50 |
well, or set <c>USE="git"</c> in <path>/etc/make.conf</path>. |
| 51 |
Make sure to include layman's <path>make.conf</path> in your |
| 52 |
@@ -345,6 +341,31 @@ utilities, label our file system and configure the policy. |
| 53 |
</body> |
| 54 |
</subsection> |
| 55 |
<subsection> |
| 56 |
+<title>Enabling ~Arch Packages</title> |
| 57 |
+<body> |
| 58 |
+ |
| 59 |
+<p> |
| 60 |
+The current stable SELinux related packages are not fit for use anymore (or are |
| 61 |
+even broken) so we seriously recommend to enable ~arch packages for SELinux. Add |
| 62 |
+the following settings to the right file (for instance |
| 63 |
+<path>/etc/portage/package.accept_keywords/selinux</path>): |
| 64 |
+</p> |
| 65 |
+ |
| 66 |
+<pre caption="SELinux ~arch packages"> |
| 67 |
+sys-libs/libselinux |
| 68 |
+sys-apps/policycoreutils |
| 69 |
+sys-libs/libsemanage |
| 70 |
+sys-libs/libsepol |
| 71 |
+app-admin/setools |
| 72 |
+dev-python/sepolgen |
| 73 |
+sys-apps/checkpolicy |
| 74 |
+sec-policy/* |
| 75 |
+=sys-process/vixie-cron-4.1-r11 |
| 76 |
+</pre> |
| 77 |
+ |
| 78 |
+</body> |
| 79 |
+</subsection> |
| 80 |
+<subsection> |
| 81 |
<title>Install Policies and Utilities</title> |
| 82 |
<body> |
Archives