Gentoo Archives: gentoo-commits

From: Francisco Blas Izquierdo Riera <klondike@×××××××××.es>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-docs:master commit in: html/, html/rsbac/, html/docs/, html/selinux/
Date: Mon, 02 Apr 2012 15:51:24
Message-Id: 1333381798.003edd746c8f73e9b9aa7e947dcb1e153a8f97ba.klondike@gentoo
1 commit: 003edd746c8f73e9b9aa7e947dcb1e153a8f97ba
2 Author: klondike <klondike <AT> xiscosoft <DOT> es>
3 AuthorDate: Mon Apr 2 15:49:58 2012 +0000
4 Commit: Francisco Blas Izquierdo Riera <klondike <AT> xiscosoft <DOT> es>
5 CommitDate: Mon Apr 2 15:49:58 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=003edd74
7
8 Updating previews
9
10 ---
11 html/capabilities.html | 4 +-
12 html/docs/devel-chroots-intro.html | 8 +-
13 html/docs/glossary.html | 8 +-
14 html/docs/index.html | 4 +-
15 html/docs/pax-howto.html | 8 +-
16 html/etdyn.html | 4 +-
17 html/gnu-stack.html | 4 +-
18 html/grsec-tpe.html | 8 +-
19 html/grsecurity.html | 6 +-
20 html/hardened-debugging.html | 8 +-
21 html/hardened-toolchain.html | 8 +-
22 html/hardened-virtualization.html | 8 +-
23 html/hardenedfaq.html | 4 +-
24 html/hardenedxorg.html | 4 +-
25 html/index.html | 34 ++++-
26 html/index2.html | 9 +-
27 html/pax-quickstart.html | 8 +-
28 html/pax-utils.html | 8 +-
29 html/pic-fix-guide.html | 4 +-
30 html/pic-guide.html | 8 +-
31 html/pic-internals.html | 8 +-
32 html/pie-ssp.html | 4 +-
33 html/prelude-ids.html | 4 +-
34 html/primer.html | 4 +-
35 html/{pax-utils.html => revdep-pax.html} | 217 ++++++++++++--------------
36 html/roadmap.html | 13 ++-
37 html/rsbac/index.html | 2 +-
38 html/rsbac/intro.html | 8 +-
39 html/rsbac/overview.html | 8 +-
40 html/rsbac/quickstart.html | 8 +-
41 html/rsbac/transition.html | 8 +-
42 html/selinux-bugreporting.html | 11 +-
43 html/selinux-development.html | 8 +-
44 html/selinux-faq.html | 70 +++++++--
45 html/selinux-policy.html | 8 +-
46 html/selinux/hb-intro-concepts.html | 4 +-
47 html/selinux/hb-intro-enhancingsecurity.html | 4 +-
48 html/selinux/hb-intro-referencepolicy.html | 4 +-
49 html/selinux/hb-intro-resources.html | 4 +-
50 html/selinux/hb-intro-virtualization.html | 4 +-
51 html/selinux/hb-using-commands.html | 4 +-
52 html/selinux/hb-using-configuring.html | 4 +-
53 html/selinux/hb-using-install.html | 72 +++++-----
54 html/selinux/hb-using-policies.html | 14 ++-
55 html/selinux/hb-using-states.html | 4 +-
56 html/selinux/hb-using-troubleshoot.html | 79 +++++++++-
57 html/selinux/index.html | 2 +-
58 html/selinux/selinux-handbook.html | 8 +-
59 html/support-state.html | 4 +-
60 html/toolchain-upgrade-guide.html | 8 +-
61 50 files changed, 474 insertions(+), 283 deletions(-)
62
63 diff --git a/html/capabilities.html b/html/capabilities.html
64 index 6e8fa7a..daaf5b6 100644
65 --- a/html/capabilities.html
66 +++ b/html/capabilities.html
67 @@ -401,7 +401,7 @@
68 </td>
69 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
70 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="capabilities.xml?style=printable">Print</a></p></td></tr>
71 -<tr><td class="topsep" align="center"><p class="alttext">Updated January 22, 2005</p></td></tr>
72 +<tr><td class="topsep" align="center"><p class="alttext">Page updated January 22, 2005</p></td></tr>
73 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
74 POSIX capabilities are a partitioning of the all powerful root privilege into a
75 set of distinct privileges
76 @@ -422,7 +422,7 @@ set of distinct privileges
77 </table></td>
78 </tr></table></td></tr>
79 <tr><td colspan="2" align="right" class="infohead">
80 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
81 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
82 </td></tr>
83 </table></body>
84 </html>
85
86 diff --git a/html/docs/devel-chroots-intro.html b/html/docs/devel-chroots-intro.html
87 index 61dbec9..87acdfd 100644
88 --- a/html/docs/devel-chroots-intro.html
89 +++ b/html/docs/devel-chroots-intro.html
90 @@ -426,7 +426,9 @@ of scripts and users for having their work done!
91 <!--
92 <rdf:RDF xmlns="http://web.resource.org/cc/"
93 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
94 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
95 +
96 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
97 +
98 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
99 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
100 <requires rdf:resource="http://web.resource.org/cc/Notice" />
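Review bot: the opening tag in the embedded RDF block is lower-cased to <license rdf:about="..."> here, but the matching closing tag lies outside this hunk, so the change cannot be confirmed as well-formed from the diff alone. Please check that the closing tag was regenerated with the same case. The commit message ("Updating previews") does not explain the case change or the two added blank lines; if they are a side effect of the generator, fix that in the stylesheet rather than committing the output. The same change recurs in the other generated pages in this commit.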
101 @@ -439,7 +441,7 @@ of scripts and users for having their work done!
102 </td>
103 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
104 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="devel-chroots-intro.xml?style=printable">Print</a></p></td></tr>
105 -<tr><td class="topsep" align="center"><p class="alttext">Updated December 6, 2006</p></td></tr>
106 +<tr><td class="topsep" align="center"><p class="alttext">Page updated December 6, 2006</p></td></tr>
107 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
108 This guide covers the installation, configuration and set up
109 of chroots using a tool developed for the Gentoo dev machines.
110 @@ -458,7 +460,7 @@ of chroots using a tool developed for the Gentoo dev machines.
111 </table></td>
112 </tr></table></td></tr>
113 <tr><td colspan="2" align="right" class="infohead">
114 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
115 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
116 </td></tr>
117 </table></body>
118 </html>
119
120 diff --git a/html/docs/glossary.html b/html/docs/glossary.html
121 index 610af23..e362ec7 100644
122 --- a/html/docs/glossary.html
123 +++ b/html/docs/glossary.html
124 @@ -127,7 +127,9 @@ rules so that lml can monitor other projects like SELinux.
125 <!--
126 <rdf:RDF xmlns="http://web.resource.org/cc/"
127 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
128 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
129 +
130 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
131 +
132 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
133 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
134 <requires rdf:resource="http://web.resource.org/cc/Notice" />
135 @@ -140,7 +142,7 @@ rules so that lml can monitor other projects like SELinux.
136 </td>
137 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
138 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="docs/glossary.xml?style=printable">Print</a></p></td></tr>
139 -<tr><td class="topsep" align="center"><p class="alttext">Updated August 7, 2004</p></td></tr>
140 +<tr><td class="topsep" align="center"><p class="alttext">Page updated August 7, 2004</p></td></tr>
141 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
142 This document introduces the Gentoo Hardened project and covers
143 each of its subprojects in simple terms.
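Review bot: the unchanged "Print" link in this hunk points to href="docs/glossary.xml?style=printable", while html/docs/devel-chroots-intro.html in the same directory uses href="devel-chroots-intro.xml?style=printable" with no docs/ prefix. Both forms cannot be right for pages in the same directory, so please check which one resolves and regenerate the other (html/docs/pax-howto.html uses the docs/ form as well).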
144 @@ -159,7 +161,7 @@ each of its subprojects in simple terms.
145 </table></td>
146 </tr></table></td></tr>
147 <tr><td colspan="2" align="right" class="infohead">
148 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
149 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
150 </td></tr>
151 </table></body>
152 </html>
153
154 diff --git a/html/docs/index.html b/html/docs/index.html
155 index 81ff591..769c5c2 100644
156 --- a/html/docs/index.html
157 +++ b/html/docs/index.html
158 @@ -144,7 +144,7 @@ up and running with a PaX kernel and PIE/SSP userland.
159 <br><br>
160 </td>
161 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
162 -<tr><td class="topsep" align="center"><p class="alttext">Updated August 7, 2004</p></td></tr>
163 +<tr><td class="topsep" align="center"><p class="alttext">Page updated August 7, 2004</p></td></tr>
164 <tr lang="en"><td align="center" class="topsep">
165 <p class="alttext"><b>Donate</b> to support our development efforts.
166 </p>
167 @@ -156,7 +156,7 @@ up and running with a PaX kernel and PIE/SSP userland.
168 </table></td>
169 </tr>
170 <tr lang="en"><td align="right" class="infohead" colspan="3">
171 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
172 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
173 </td></tr>
174 </table></body>
175 </html>
176
177 diff --git a/html/docs/pax-howto.html b/html/docs/pax-howto.html
178 index e1c16bd..7c83368 100644
179 --- a/html/docs/pax-howto.html
180 +++ b/html/docs/pax-howto.html
181 @@ -233,7 +233,9 @@ to run.
182 <!--
183 <rdf:RDF xmlns="http://web.resource.org/cc/"
184 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
185 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
186 +
187 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
188 +
189 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
190 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
191 <requires rdf:resource="http://web.resource.org/cc/Notice" />
192 @@ -246,7 +248,7 @@ to run.
193 </td>
194 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
195 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="docs/pax-howto.xml?style=printable">Print</a></p></td></tr>
196 -<tr><td class="topsep" align="center"><p class="alttext">Updated August 7, 2004</p></td></tr>
197 +<tr><td class="topsep" align="center"><p class="alttext">Page updated August 7, 2004</p></td></tr>
198 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
199 A quickstart covering PaX and Hardened Gentoo.
200 </p></td></tr>
201 @@ -266,7 +268,7 @@ A quickstart covering PaX and Hardened Gentoo.
202 </table></td>
203 </tr></table></td></tr>
204 <tr><td colspan="2" align="right" class="infohead">
205 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
206 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
207 </td></tr>
208 </table></body>
209 </html>
210
211 diff --git a/html/etdyn.html b/html/etdyn.html
212 index c452472..0ed3663 100644
213 --- a/html/etdyn.html
214 +++ b/html/etdyn.html
215 @@ -180,7 +180,7 @@ GNU/Linux 2.0.0, dynamically linked (uses shared libs), stripped
216 </td>
217 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
218 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="etdyn.xml?style=printable">Print</a></p></td></tr>
219 -<tr><td class="topsep" align="center"><p class="alttext">Updated August 5, 2003</p></td></tr>
220 +<tr><td class="topsep" align="center"><p class="alttext">Page updated August 5, 2003</p></td></tr>
221 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
222 This guide contains documentation and examples on how to create dynamic ELF executables.
223 These guidelines are required to achieve full Address Space Layout Randomization.
224 @@ -207,7 +207,7 @@ These guidelines are required to achieve full Address Space Layout Randomization
225 </table></td>
226 </tr></table></td></tr>
227 <tr><td colspan="2" align="right" class="infohead">
228 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
229 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
230 </td></tr>
231 </table></body>
232 </html>
233
234 diff --git a/html/gnu-stack.html b/html/gnu-stack.html
235 index 7816043..c697138 100644
236 --- a/html/gnu-stack.html
237 +++ b/html/gnu-stack.html
238 @@ -403,7 +403,7 @@ If no one can seem to answer your question, give me a poke either on irc
239 </td>
240 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
241 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="gnu-stack.xml?style=printable">Print</a></p></td></tr>
242 -<tr><td class="topsep" align="center"><p class="alttext">Updated June 11, 2011</p></td></tr>
243 +<tr><td class="topsep" align="center"><p class="alttext">Page updated June 11, 2011</p></td></tr>
244 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>Handbook for proper GNU Stack management in ELF systems</p></td></tr>
245 <tr><td align="left" class="topsep"><p class="alttext">
246 <a href="mailto:vapier@g.o" class="altlink"><b>Mike Frysinger</b></a>
247 @@ -427,7 +427,7 @@ If no one can seem to answer your question, give me a poke either on irc
248 </table></td>
249 </tr></table></td></tr>
250 <tr><td colspan="2" align="right" class="infohead">
251 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
252 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
253 </td></tr>
254 </table></body>
255 </html>
256
257 diff --git a/html/grsec-tpe.html b/html/grsec-tpe.html
258 index f30eac0..e440fb5 100644
259 --- a/html/grsec-tpe.html
260 +++ b/html/grsec-tpe.html
261 @@ -2648,7 +2648,9 @@ still be modified by that user.
262 <!--
263 <rdf:RDF xmlns="http://web.resource.org/cc/"
264 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
265 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
266 +
267 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
268 +
269 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
270 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
271 <requires rdf:resource="http://web.resource.org/cc/Notice" />
272 @@ -2661,7 +2663,7 @@ still be modified by that user.
273 </td>
274 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
275 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="grsec-tpe.xml?style=printable">Print</a></p></td></tr>
276 -<tr><td class="topsep" align="center"><p class="alttext">Updated 2011-3-27</p></td></tr>
277 +<tr><td class="topsep" align="center"><p class="alttext">Page updated 2011-3-27</p></td></tr>
278 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
279 TPE tends to be one of the harder to understand parts of GRSecurity as options
280 like invert GID can be confusing at times. In this documents we explain how each
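Review bot: the summary context in this hunk reads "In this documents we explain", which should be "In this document"; since the page is being regenerated anyway, fix it in the source. The date line "Page updated 2011-3-27" also uses a different format from the month-name dates on the other pages in this commit (for example "Page updated June 11, 2011"), so consider normalising it in the source as well.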
281 @@ -2682,7 +2684,7 @@ suite.
282 </table></td>
283 </tr></table></td></tr>
284 <tr><td colspan="2" align="right" class="infohead">
285 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
286 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
287 </td></tr>
288 </table></body>
289 </html>
290
291 diff --git a/html/grsecurity.html b/html/grsecurity.html
292 index 67980e1..03d2b7a 100644
293 --- a/html/grsecurity.html
294 +++ b/html/grsecurity.html
295 @@ -179,7 +179,7 @@ CONFIG_GRKERNSEC_HIDESYM=y
296 </table>
297 <p>
298 If you are running a non-x86 system you will observe that there is no
299 -CONFIG_GRKERNSEC_PAX_NOEXEC. You should select CONFIG_GRKERNSEC_PAX_PAGEEXEC
300 +CONFIG_GRKERNSEC_PAX_SEGMEXEC. You should select CONFIG_GRKERNSEC_PAX_PAGEEXEC
301 instead as it is the only non-exec implementation around.
302 </p>
303 <p class="secthead"><a name="doc_chap2_sect3">Controlling PaX</a></p>
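Review bot: the replacement of CONFIG_GRKERNSEC_PAX_NOEXEC with CONFIG_GRKERNSEC_PAX_SEGMEXEC changes kernel-hardening guidance, yet the commit message only says "Updating previews"; please mention the documentation fix there, or reference the source commit that introduced it. Readers will search their .config for the literal strings, so confirm that the CONFIG_GRKERNSEC_PAX_ prefix on both option names matches the symbols the kernel configuration actually uses. The sentence would also be clearer if it said that PAGEEXEC is the only non-exec implementation available on non-x86 systems, rather than "the only non-exec implementation around".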
304 @@ -802,7 +802,7 @@ USE variable in <span class="path" dir="ltr">/etc/make.conf</span>.
305 </td>
306 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
307 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="grsecurity.xml?style=printable">Print</a></p></td></tr>
308 -<tr><td class="topsep" align="center"><p class="alttext">Updated May 10, 2010</p></td></tr>
309 +<tr><td class="topsep" align="center"><p class="alttext">Page updated December 23, 2011</p></td></tr>
310 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
311 This document features the grsecurity 2.x security patches, supported kernel
312 configuration options and tools provided by the grsecurity project to lift your
313 @@ -824,7 +824,7 @@ system's security to higher standards.
314 </table></td>
315 </tr></table></td></tr>
316 <tr><td colspan="2" align="right" class="infohead">
317 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
318 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
319 </td></tr>
320 </table></body>
321 </html>
322
323 diff --git a/html/hardened-debugging.html b/html/hardened-debugging.html
324 index 224dc63..014ef3d 100644
325 --- a/html/hardened-debugging.html
326 +++ b/html/hardened-debugging.html
327 @@ -173,7 +173,9 @@ used <span class="code" dir="ltr">paxctl</span> you can reset the flags to defau
328 <!--
329 <rdf:RDF xmlns="http://web.resource.org/cc/"
330 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
331 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
332 +
333 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
334 +
335 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
336 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
337 <requires rdf:resource="http://web.resource.org/cc/Notice" />
338 @@ -186,7 +188,7 @@ used <span class="code" dir="ltr">paxctl</span> you can reset the flags to defau
339 </td>
340 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
341 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="hardenedfaq.xml?style=printable">Print</a></p></td></tr>
342 -<tr><td class="topsep" align="center"><p class="alttext">Updated October 26, 2010</p></td></tr>
343 +<tr><td class="topsep" align="center"><p class="alttext">Page updated October 26, 2010</p></td></tr>
344 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
345 In this document we study the ways to do proper binary debugging when using a
346 hardened kernel and toolcahin with PaX/Grsec, PIE and SSP.
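Review bot: the "Print" link in html/hardened-debugging.html still points to href="hardenedfaq.xml?style=printable", so the printer-friendly view opens the FAQ instead of the debugging guide; it should reference hardened-debugging.xml. The summary context also has the typo "toolcahin" for "toolchain". Both belong in the source document, since this file is generated.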
347 @@ -208,7 +210,7 @@ hardened kernel and toolcahin with PaX/Grsec, PIE and SSP.
348 </table></td>
349 </tr></table></td></tr>
350 <tr><td colspan="2" align="right" class="infohead">
351 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
352 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
353 </td></tr>
354 </table></body>
355 </html>
356
357 diff --git a/html/hardened-toolchain.html b/html/hardened-toolchain.html
358 index f6d6043..d72c7b4 100644
359 --- a/html/hardened-toolchain.html
360 +++ b/html/hardened-toolchain.html
361 @@ -315,7 +315,9 @@ The following packages have issues with BIND_NOW at the time of writing, and it
362 <!--
363 <rdf:RDF xmlns="http://web.resource.org/cc/"
364 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
365 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
366 +
367 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
368 +
369 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
370 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
371 <requires rdf:resource="http://web.resource.org/cc/Notice" />
372 @@ -328,7 +330,7 @@ The following packages have issues with BIND_NOW at the time of writing, and it
373 </td>
374 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
375 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="hardened-toolchain.xml?style=printable">Print</a></p></td></tr>
376 -<tr><td class="topsep" align="center"><p class="alttext">Updated August 31, 2006</p></td></tr>
377 +<tr><td class="topsep" align="center"><p class="alttext">Page updated August 31, 2006</p></td></tr>
378 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
379 Technical description of, and rationale for, the Gentoo Hardened Toolchain modifications.
380 </p></td></tr>
381 @@ -350,7 +352,7 @@ Technical description of, and rationale for, the Gentoo Hardened Toolchain modif
382 </table></td>
383 </tr></table></td></tr>
384 <tr><td colspan="2" align="right" class="infohead">
385 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
386 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
387 </td></tr>
388 </table></body>
389 </html>
390
391 diff --git a/html/hardened-virtualization.html b/html/hardened-virtualization.html
392 index aadd0d6..2022331 100644
393 --- a/html/hardened-virtualization.html
394 +++ b/html/hardened-virtualization.html
395 @@ -137,7 +137,9 @@ KVM related resources:
396 <!--
397 <rdf:RDF xmlns="http://web.resource.org/cc/"
398 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
399 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
400 +
401 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
402 +
403 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
404 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
405 <requires rdf:resource="http://web.resource.org/cc/Notice" />
406 @@ -150,7 +152,7 @@ KVM related resources:
407 </td>
408 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
409 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="hardened-virtualization.xml?style=printable">Print</a></p></td></tr>
410 -<tr><td class="topsep" align="center"><p class="alttext">Updated October 31, 2010</p></td></tr>
411 +<tr><td class="topsep" align="center"><p class="alttext">Page updated October 31, 2010</p></td></tr>
412 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
413 Virtualization is a key component in current IT infrastructure. Although
414 one can easily harden a virtualized operating system instance, you still
415 @@ -171,7 +173,7 @@ insight on how to harden the host using Gentoo Hardened.
416 </table></td>
417 </tr></table></td></tr>
418 <tr><td colspan="2" align="right" class="infohead">
419 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
420 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
421 </td></tr>
422 </table></body>
423 </html>
424
425 diff --git a/html/hardenedfaq.html b/html/hardenedfaq.html
426 index e205b49..9fe06a6 100644
427 --- a/html/hardenedfaq.html
428 +++ b/html/hardenedfaq.html
429 @@ -537,7 +537,7 @@ There is a <a href="selinux-faq.html"> SELinux specific FAQ
430 </td>
431 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
432 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="hardenedfaq.xml?style=printable">Print</a></p></td></tr>
433 -<tr><td class="topsep" align="center"><p class="alttext">Updated 2011-3-27</p></td></tr>
434 +<tr><td class="topsep" align="center"><p class="alttext">Page updated 2011-3-27</p></td></tr>
435 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
436 Frequently Asked Questions that arise on the #gentoo-hardened IRC channel and
437 the gentoo-hardened mailing list.
438 @@ -568,7 +568,7 @@ the gentoo-hardened mailing list.
439 </table></td>
440 </tr></table></td></tr>
441 <tr><td colspan="2" align="right" class="infohead">
442 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
443 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
444 </td></tr>
445 </table></body>
446 </html>
447
448 diff --git a/html/hardenedxorg.html b/html/hardenedxorg.html
449 index 7d2d916..b7492fe 100644
450 --- a/html/hardenedxorg.html
451 +++ b/html/hardenedxorg.html
452 @@ -118,7 +118,7 @@ The PaX flags -P (PAGEEXEC), -S (SEGMEXEC), -M (MPROTECT) as well as -R (RANDMMA
453 </td>
454 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
455 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="hardenedxorg.xml?style=printable">Print</a></p></td></tr>
456 -<tr><td class="topsep" align="center"><p class="alttext">Updated December 23, 2006</p></td></tr>
457 +<tr><td class="topsep" align="center"><p class="alttext">Page updated December 23, 2006</p></td></tr>
458 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
459 How to install and use Xorg on Hardened Gentoo
460 </p></td></tr>
461 @@ -144,7 +144,7 @@ How to install and use Xorg on Hardened Gentoo
462 </table></td>
463 </tr></table></td></tr>
464 <tr><td colspan="2" align="right" class="infohead">
465 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
466 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
467 </td></tr>
468 </table></body>
469 </html>
470
471 diff --git a/html/index.html b/html/index.html
472 index 584d5db..31c3878 100644
473 --- a/html/index.html
474 +++ b/html/index.html
475 @@ -81,6 +81,11 @@ Gentoo once they've been tested for security and stability by the Hardened team.
476 <td class="tableinfo">Member ( Doc, PR )</td>
477 </tr>
478 <tr>
479 + <td class="tableinfo">Daniel Kuehn</td>
480 + <td class="tableinfo">lejonet</td>
481 + <td class="tableinfo">Member ( Hardened sources )</td>
482 + </tr>
483 + <tr>
484 <td class="tableinfo">Gysbert Wassenaar</td>
485 <td class="tableinfo">nixnut</td>
486 <td class="tableinfo">Member ( PPC arch team liaison )</td>
487 @@ -146,6 +151,13 @@ project:
488 <td class="tableinfo">SELinux is a system of mandatory access controls. SELinux can enforce the security policy over all processes and objects in the system.</td>
489 </tr>
490 <tr>
491 + <td class="tableinfo">
492 + <a href="rsbac/index.html">RSBAC</a>
493 + </td>
494 + <td class="tableinfo">Anthony G. Basile</td>
495 + <td class="tableinfo">RSBAC is Mandatory Access Control security system based on the GFAC framework logic. It includes standard models, like the Role Compatibility, Access Control Lists and Mandatory Access Control. RSBAC enforces access control rules on your operating system.</td>
496 + </tr>
497 + <tr>
498 <td class="tableinfo">PaX/Grsecurity</td>
499 <td class="tableinfo">Anthony G. Basile</td>
500 <td class="tableinfo">
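Review bot: the added RSBAC description reads "RSBAC is Mandatory Access Control security system", which is missing an article; suggest "RSBAC is a Mandatory Access Control security system". The phrase "like the Role Compatibility, Access Control Lists and Mandatory Access Control" would also read better as "such as Role Compatibility, Access Control Lists and Mandatory Access Control". Fix this in the XML source so the next regeneration keeps it.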
501 @@ -269,6 +281,9 @@ GNU Stack Quickstart
502 <a href="selinux-development.html">Gentoo Hardened SELinux Development Guide</a>
503 </li>
504 <li>
505 + <a href="selinux-bugreporting.html">Reporting SELinux (policy) bugs</a>
506 + </li>
507 + <li>
508 <a href="selinux-policy.html">Gentoo Hardened SELinux Development Policy</a>
509 </li>
510 <li>
511 @@ -279,6 +294,19 @@ GNU Stack Quickstart
512 </li>
513 </ul>
514 </li>
515 + <li>
516 + <b>Rule Set Based Access Control
517 + subproject resources
518 + </b>
519 + <ul>
520 + <li>
521 + <a href="rsbac/overview.html">RSBAC Overview</a>
522 + </li>
523 + <li>
524 + <a href="rsbac/quickstart.html">RSBAC Quickstart</a>
525 + </li>
526 + </ul>
527 + </li>
528 </ul>
529 <p class="chaphead"><a name="doc_chap7"></a><span class="chapnum">7.
530 </span>Herds</p>
531 @@ -293,7 +321,7 @@ GNU Stack Quickstart
532 </tr>
533 <tr>
534 <td class="tableinfo">hardened</td>
535 - <td class="tableinfo">blueness, chainsaw, gengor, klondike, nixnut, pebenito, solar, swift, zorry</td>
536 + <td class="tableinfo">blueness, chainsaw, gengor, klondike, lejonet, nixnut, pebenito, prometheanfire, solar, swift, zorry</td>
537 <td class="tableinfo">Hardened Gentoo project packages and policy</td>
538 </tr>
539 <tr>
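Review bot: the herd list gains both lejonet and prometheanfire, but the members-table hunk earlier in this file only adds a row for Daniel Kuehn (lejonet). Please check that prometheanfire already has a row in the members table, or add one, so the two lists on the page agree.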
540 @@ -332,7 +360,7 @@ greatly appreciated.
541 </td>
542 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
543 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="index.xml?style=printable">Print</a></p></td></tr>
544 -<tr><td class="topsep" align="center"><p class="alttext">Updated August 12, 2011</p></td></tr>
545 +<tr><td class="topsep" align="center"><p class="alttext">Page updated August 12, 2011</p></td></tr>
546 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>Hardened Gentoo brings advanced security measures to Gentoo Linux.</p></td></tr>
547 <tr><td align="left" class="topsep"><p class="alttext">Gentoo Project<br><i>script generated</i><br></p></td></tr>
548 <tr lang="en"><td align="center" class="topsep">
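Review bot: the date line stays at August 12, 2011 ("Page updated August 12, 2011") even though this commit adds a team member, the RSBAC subproject row and the RSBAC resource links to the page. In html/grsecurity.html the date was bumped together with the content change; do the same in the source of index.html so readers can tell the page changed.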
549 @@ -346,7 +374,7 @@ greatly appreciated.
550 </table></td>
551 </tr></table></td></tr>
552 <tr><td colspan="2" align="right" class="infohead">
553 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
554 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
555 </td></tr>
556 </table></body>
557 </html>
558
559 diff --git a/html/index2.html b/html/index2.html
560 index 61f6f0b..9021b40 100644
561 --- a/html/index2.html
562 +++ b/html/index2.html
563 @@ -256,6 +256,9 @@ GNU Stack Quickstart</a>
564 <a href="selinux-development.html">Gentoo Hardened SELinux Development Guide</a>
565 </li>
566 <li>
567 + <a href="selinux-bugreporting.html">Reporting SELinux (policy) bugs</a>
568 + </li>
569 + <li>
570 <a href="selinux-policy.html">Gentoo Hardened SELinux Development Policy</a>
571 </li>
572 <li>
573 @@ -280,7 +283,7 @@ GNU Stack Quickstart</a>
574 </tr>
575 <tr>
576 <td class="tableinfo">hardened</td>
577 - <td class="tableinfo">blueness, chainsaw, gengor, klondike, nixnut, pebenito, solar, swift, zorry</td>
578 + <td class="tableinfo">blueness, chainsaw, gengor, klondike, lejonet, nixnut, pebenito, prometheanfire, solar, swift, zorry</td>
579 <td class="tableinfo">Hardened Gentoo project packages and policy</td>
580 </tr>
581 <tr>
582 @@ -319,7 +322,7 @@ greatly appreciated.
583 </td>
584 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
585 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="index.xml?style=printable">Print</a></p></td></tr>
586 -<tr><td class="topsep" align="center"><p class="alttext">Updated October 25, 2010</p></td></tr>
587 +<tr><td class="topsep" align="center"><p class="alttext">Page updated October 25, 2010</p></td></tr>
588 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>Hardened Gentoo brings advanced security measures to Gentoo Linux.</p></td></tr>
589 <tr><td align="left" class="topsep"><p class="alttext">Gentoo Project<br><i>script generated</i><br></p></td></tr>
590 <tr lang="en"><td align="center" class="topsep">
591 @@ -333,7 +336,7 @@ greatly appreciated.
592 </table></td>
593 </tr></table></td></tr>
594 <tr><td colspan="2" align="right" class="infohead">
595 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
596 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
597 </td></tr>
598 </table></body>
599 </html>
600
601 diff --git a/html/pax-quickstart.html b/html/pax-quickstart.html
602 index b55140f..b7e8831 100644
603 --- a/html/pax-quickstart.html
604 +++ b/html/pax-quickstart.html
605 @@ -238,7 +238,9 @@ to run. Often we find that we need the -m -sp combos.
606 <!--
607 <rdf:RDF xmlns="http://web.resource.org/cc/"
608 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
609 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
610 +
611 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
612 +
613 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
614 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
615 <requires rdf:resource="http://web.resource.org/cc/Notice" />
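Review bot: the opening tag is lowercased from `<License rdf:about=...>` to `<license rdf:about=...>`, but the matching close tag is not in this hunk. XML element names are case-sensitive, so if the close is still `</License>` the embedded RDF block is no longer well-formed, and a lowercase `license` element is a different name from `License` in the `http://web.resource.org/cc/` namespace for anything that parses the block. The same edit, with the same added blank lines, recurs in pax-utils.html, pic-guide.html, pic-internals.html and revdep-pax.html, which points at the preview generator rather than the sources. Please fix it there and regenerate.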
616 @@ -251,7 +253,7 @@ to run. Often we find that we need the -m -sp combos.
617 </td>
618 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
619 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="pax-quickstart.xml?style=printable">Print</a></p></td></tr>
620 -<tr><td class="topsep" align="center"><p class="alttext">Updated September 11, 2007</p></td></tr>
621 +<tr><td class="topsep" align="center"><p class="alttext">Page updated September 11, 2007</p></td></tr>
622 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
623 A quickstart covering PaX and Hardened Gentoo.
624 </p></td></tr>
625 @@ -273,7 +275,7 @@ A quickstart covering PaX and Hardened Gentoo.
626 </table></td>
627 </tr></table></td></tr>
628 <tr><td colspan="2" align="right" class="infohead">
629 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
630 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
631 </td></tr>
632 </table></body>
633 </html>
634
635 diff --git a/html/pax-utils.html b/html/pax-utils.html
636 index 264f52e..07c8b08 100644
637 --- a/html/pax-utils.html
638 +++ b/html/pax-utils.html
639 @@ -650,7 +650,9 @@ struct {
640 <!--
641 <rdf:RDF xmlns="http://web.resource.org/cc/"
642 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
643 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
644 +
645 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
646 +
647 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
648 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
649 <requires rdf:resource="http://web.resource.org/cc/Notice" />
650 @@ -663,7 +665,7 @@ struct {
651 </td>
652 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
653 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="swift?style=printable">Print</a></p></td></tr>
654 -<tr><td class="topsep" align="center"><p class="alttext">Updated August 29, 2010</p></td></tr>
655 +<tr><td class="topsep" align="center"><p class="alttext">Page updated August 29, 2010</p></td></tr>
656 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
657 This guide provides instruction on securing your system by using the pax-utils
658 package to find and identify problematic binaries.
659 @@ -686,7 +688,7 @@ package to find and identify problematic binaries.
660 </table></td>
661 </tr></table></td></tr>
662 <tr><td colspan="2" align="right" class="infohead">
663 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
664 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
665 </td></tr>
666 </table></body>
667 </html>
668
669 diff --git a/html/pic-fix-guide.html b/html/pic-fix-guide.html
670 index eef91a5..d010132 100644
671 --- a/html/pic-fix-guide.html
672 +++ b/html/pic-fix-guide.html
673 @@ -849,7 +849,7 @@ mmx32_rgb888_mask dd 00ffffffh,00ffffffh
674 </td>
675 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
676 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="pic-fix-guide.xml?style=printable">Print</a></p></td></tr>
677 -<tr><td class="topsep" align="center"><p class="alttext">Updated August 19, 2007</p></td></tr>
678 +<tr><td class="topsep" align="center"><p class="alttext">Page updated August 19, 2007</p></td></tr>
679 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>A guide for tracking down and fixing .text relocations (TEXTRELs)</p></td></tr>
680 <tr><td align="left" class="topsep"><p class="alttext">
681 <a href="mailto:vapier@g.o" class="altlink"><b>Mike Frysinger</b></a>
682 @@ -871,7 +871,7 @@ mmx32_rgb888_mask dd 00ffffffh,00ffffffh
683 </table></td>
684 </tr></table></td></tr>
685 <tr><td colspan="2" align="right" class="infohead">
686 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
687 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
688 </td></tr>
689 </table></body>
690 </html>
691
692 diff --git a/html/pic-guide.html b/html/pic-guide.html
693 index 8945abc..de96fce 100644
694 --- a/html/pic-guide.html
695 +++ b/html/pic-guide.html
696 @@ -137,7 +137,9 @@ References:
697 <!--
698 <rdf:RDF xmlns="http://web.resource.org/cc/"
699 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
700 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
701 +
702 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
703 +
704 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
705 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
706 <requires rdf:resource="http://web.resource.org/cc/Notice" />
707 @@ -150,7 +152,7 @@ References:
708 </td>
709 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
710 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="pic-guide.xml?style=printable">Print</a></p></td></tr>
711 -<tr><td class="topsep" align="center"><p class="alttext">Updated October 11, 2005</p></td></tr>
712 +<tr><td class="topsep" align="center"><p class="alttext">Page updated October 11, 2005</p></td></tr>
713 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>What every developer should understand about using Position Independent Code</p></td></tr>
714 <tr><td align="left" class="topsep"><p class="alttext">
715 <a href="mailto:solar@g.o" class="altlink"><b>solar</b></a>
716 @@ -168,7 +170,7 @@ References:
717 </table></td>
718 </tr></table></td></tr>
719 <tr><td colspan="2" align="right" class="infohead">
720 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
721 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
722 </td></tr>
723 </table></body>
724 </html>
725
726 diff --git a/html/pic-internals.html b/html/pic-internals.html
727 index 72fec94..a2da28d 100644
728 --- a/html/pic-internals.html
729 +++ b/html/pic-internals.html
730 @@ -209,7 +209,9 @@ These executables simply do not need the PIC addressing mode for their functions
731 <!--
732 <rdf:RDF xmlns="http://web.resource.org/cc/"
733 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
734 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
735 +
736 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
737 +
738 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
739 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
740 <requires rdf:resource="http://web.resource.org/cc/Notice" />
741 @@ -222,7 +224,7 @@ These executables simply do not need the PIC addressing mode for their functions
742 </td>
743 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
744 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="pic-internals.xml?style=printable">Print</a></p></td></tr>
745 -<tr><td class="topsep" align="center"><p class="alttext">Updated February 14, 2004</p></td></tr>
746 +<tr><td class="topsep" align="center"><p class="alttext">Page updated February 14, 2004</p></td></tr>
747 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>Understanding the impact of text relocations and explaining the use of PIC in shared libraries</p></td></tr>
748 <tr><td align="left" class="topsep"><p class="alttext">
749 <a href="mailto:a.gabert@××××××××.de" class="altlink"><b>Alexander Gabert</b></a>
750 @@ -242,7 +244,7 @@ These executables simply do not need the PIC addressing mode for their functions
751 </table></td>
752 </tr></table></td></tr>
753 <tr><td colspan="2" align="right" class="infohead">
754 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
755 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
756 </td></tr>
757 </table></body>
758 </html>
759
760 diff --git a/html/pie-ssp.html b/html/pie-ssp.html
761 index f9d7069..9d543c5 100644
762 --- a/html/pie-ssp.html
763 +++ b/html/pie-ssp.html
764 @@ -234,7 +234,7 @@ Lisa Marie Seelye says you need the same hgcc and gcc versions on all distcc hos
765 </td>
766 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
767 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="pie-ssp.xml?style=printable">Print</a></p></td></tr>
768 -<tr><td class="topsep" align="center"><p class="alttext">Updated November 27, 2010</p></td></tr>
769 +<tr><td class="topsep" align="center"><p class="alttext">Page updated November 27, 2010</p></td></tr>
770 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>(This DOC is badly outdated and mostly obsolete) This introductionary guide explains the basic behaviour of the hardened toolchain.</p></td></tr>
771 <tr><td align="left" class="topsep"><p class="alttext">
772 <a href="mailto:a.gabert@××××××××.de" class="altlink"><b>Alexander Gabert</b></a>
773 @@ -252,7 +252,7 @@ Lisa Marie Seelye says you need the same hgcc and gcc versions on all distcc hos
774 </table></td>
775 </tr></table></td></tr>
776 <tr><td colspan="2" align="right" class="infohead">
777 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
778 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
779 </td></tr>
780 </table></body>
781 </html>
782
783 diff --git a/html/prelude-ids.html b/html/prelude-ids.html
784 index e1f0acc..4a17c15 100644
785 --- a/html/prelude-ids.html
786 +++ b/html/prelude-ids.html
787 @@ -596,7 +596,7 @@ $conf{'dbpasswd'}='dbpass';
788 </td>
789 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
790 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="prelude-ids.xml?style=printable">Print</a></p></td></tr>
791 -<tr><td class="topsep" align="center"><p class="alttext">Updated July 17, 2003</p></td></tr>
792 +<tr><td class="topsep" align="center"><p class="alttext">Page updated July 17, 2003</p></td></tr>
793 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
794 This guide will assist you in setting up the Prelude Intrustion Detection System along with the rules needed to make it useful.
795 </p></td></tr>
796 @@ -618,7 +618,7 @@ $conf{'dbpasswd'}='dbpass';
797 </table></td>
798 </tr></table></td></tr>
799 <tr><td colspan="2" align="right" class="infohead">
800 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
801 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
802 </td></tr>
803 </table></body>
804 </html>
805
806 diff --git a/html/primer.html b/html/primer.html
807 index 598463b..ef14ec9 100644
808 --- a/html/primer.html
809 +++ b/html/primer.html
810 @@ -248,7 +248,7 @@
811 </td>
812 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
813 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="primer.xml?style=printable">Print</a></p></td></tr>
814 -<tr><td class="topsep" align="center"><p class="alttext">Updated February 7, 2007</p></td></tr>
815 +<tr><td class="topsep" align="center"><p class="alttext">Page updated February 7, 2007</p></td></tr>
816 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>A Primer on Hardened Gentoo.</p></td></tr>
817 <tr><td align="left" class="topsep"><p class="alttext">
818 <a href="mailto:method@×××××××××××.com" class="altlink"><b>Joshua Brindle</b></a>
819 @@ -268,7 +268,7 @@
820 </table></td>
821 </tr></table></td></tr>
822 <tr><td colspan="2" align="right" class="infohead">
823 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
824 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
825 </td></tr>
826 </table></body>
827 </html>
828
829 diff --git a/html/pax-utils.html b/html/revdep-pax.html
830 similarity index 79%
831 copy from html/pax-utils.html
832 copy to html/revdep-pax.html
833 index 264f52e..ee4e6d4 100644
834 --- a/html/pax-utils.html
835 +++ b/html/revdep-pax.html
836 @@ -11,120 +11,108 @@
837 <link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
838 <title>Gentoo Linux Documentation
839 --
840 - Gentoo PaX Utilities</title>
841 + Gentoo revdep-pax introduction</title>
842 </head>
843 <body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0">
844 <tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr>
845 <tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr>
846 <td width="99%" class="content" valign="top" align="left">
847 -<br><h1>Gentoo PaX Utilities</h1>
848 +<br><h1>Gentoo revdep-pax introduction</h1>
849 <form name="contents" action="http://www.gentoo.org">
850 <b>Content</b>:
851 - <select name="url" size="1" OnChange="location.href=form.url.options[form.url.selectedIndex].value" style="font-family:sans-serif,Arial,Helvetica"><option value="#doc_chap1">1. What is this guide about?</option>
852 -<option value="#doc_chap2">2. Extracting ELF Information from Binaries</option>
853 + <select name="url" size="1" OnChange="location.href=form.url.options[form.url.selectedIndex].value" style="font-family:sans-serif,Arial,Helvetica"><option value="#doc_chap1">1. What's revdep-pax about?</option>
854 +<option value="#doc_chap2">2. Using revdep-pax</option>
855 <option value="#doc_chap3">3. Listing PaX Flags and Capabilities</option>
856 <option value="#doc_chap4">4. Programming with ELF files</option></select>
857 </form>
858 <p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
859 - </span>What is this guide about?</p>
860 -<p class="secthead"><a name="doc_chap1_sect1">Introduction</a></p>
861 -<p>
862 -The security of a system goes beyond setting up a decent firewall and good
863 -service configurations. The binaries you run, the libraries you load, might
864 -also be vulnerable against attacks. Although the exact vulnerabilities are not
865 -known until they are discovered, there are ways to prevent them from happening.
866 -</p>
867 -<p>
868 -One possible attack vector is to make advantage of writable <span class="emphasis">and</span>
869 -executable segments in a program or library, allowing malicious users to run
870 -their own code using the vulnerable application or library.
871 -</p>
872 -<p>
873 -This guide will inform you how to use the <span class="code" dir="ltr">pax-utils</span> package to find
874 -and identify problematic binaries. We will also cover the use of <span class="code" dir="ltr">pspax</span> (a
875 -tool to view PaX-specific capabilities) and <span class="code" dir="ltr">dumpelf</span> (a tool that prints
876 -out a C structure containing a workable copy of a given object).
877 -</p>
878 -<p>
879 -But before we start with that, some information on <span class="emphasis">objects</span> is in place.
880 -Users familiar with segments and dynamic linking will not learn anything from
881 -this and can immediately continue with <a href="#scanelf">Extracting ELF
882 -Information from Binaries</a>.
883 -</p>
884 -<p class="secthead"><a name="doc_chap1_sect2">ELF objects</a></p>
885 -<p>
886 -Every executable binary on your system is structured in a specific way,
887 -allowing the Linux kernel to load and execute the file. Actually, this goes
888 -beyond plain executable binaries: this also holds for shared objects; more
889 -about those later.
890 -</p>
891 -<p>
892 -The structure of such a binary is defined in the ELF standard. ELF stands for
893 -<span class="emphasis">Executable and Linkable Format</span>. If you are really interested in the gory
894 -details, check out the <a href="http://refspecs.linux-foundation.org/LSB_4.0.0/LSB-Core-generic/LSB-Core-generic/elf-generic.html">
895 -Generic ELF spec</a> or the <span class="code" dir="ltr">elf(5)</span> man page.
896 -</p>
897 -<p>
898 -An executable ELF file has the following parts:
899 -</p>
900 -<ul>
901 - <li>
902 - The <span class="emphasis">ELF header</span> contains information on the <span class="emphasis">type</span> of file (is it
903 - an executable, a shared library, ...), the target architecture, the
904 - location of the Program Header, Section Header and String Header in the
905 - file and the location of the first executable instruction
906 - </li>
907 - <li>
908 - The <span class="emphasis">Program Header</span> informs the system how to create a process from
909 - the binary file. It is actually a table consisting of entries for each
910 - segment in the program. Each entry contains the type, addresses (physical
911 - and virtual), size, access rights, ...
912 - </li>
913 - <li>
914 - The <span class="emphasis">Section Header</span> is a table consisting of entries for each section
915 - in the program. Each entry contains the name, type, size, ... and
916 - <span class="emphasis">what</span> information the section holds.
917 - </li>
918 - <li>
919 - Data, containing the sections and segments mentioned previously.
920 - </li>
921 -</ul>
922 -<p>
923 -A <span class="emphasis">section</span> is a small unit consisting of specific data: instructions,
924 -variable data, symbol table, relocation information, and so on. A <span class="emphasis">segment</span>
925 -is a collection of sections; segments are the units that are actually
926 -transferred to memory.
927 -</p>
928 -<p class="secthead"><a name="doc_chap1_sect3">Shared Objects</a></p>
929 -<p>
930 -Way back when, every application binary contained <span class="emphasis">everything</span> it needed to
931 -operate correctly. Such binaries are called <span class="emphasis">statically linked</span> binaries.
932 -They are, however, space consuming since different applications use the same
933 -functions over and over again.
934 -</p>
935 -<p>
936 -A <span class="emphasis">shared object</span> contains the definition and instructions for such
937 -functions. Every application that wants can <span class="emphasis">dynamically</span> link against such
938 -a shared object so that it can benefit from the already existing functionality.
939 -</p>
940 -<p>
941 -An application that is dynamically linked to a shared object contains
942 -<span class="emphasis">symbols</span>, references for the real functionality. When such an application
943 -is loaded in memory, it will first ask the runtime linker to resolve each and
944 -every symbol it has. The runtime linker will load the appropriate shared objects
945 -in memory and resolve the symbolic references between them.
946 -</p>
947 -<p class="secthead"><a name="doc_chap1_sect4">Segments and Sections</a></p>
948 -<p>
949 -How the ELF file is looked upon depends on the view we have: when we are dealing
950 -with a binary file in Execution View, the ELF file contains segments. When
951 -the file is seen in Linking View, the ELF file contains sections.
952 -One segment spans just one or more (continuous) sections.
953 -</p>
954 -<p class="chaphead"><a name="scanelf"></a><a name="doc_chap2"></a><span class="chapnum">2.
955 - </span>Extracting ELF Information from Binaries</p>
956 -<p class="secthead"><a name="doc_chap2_sect1">The scanelf Application</a></p>
957 -<p>
958 + </span>What's revdep-pax about?</p>
959 +<p class="secthead"><a name="doc_chap1_sect1">A quick introduction to PaX markings.</a></p>
960 +<p>
961 +There are some programs which won't be able to run in an environment with all
962 +the PaX features enabled, for example you may have a program which has so called
963 +<span class="emphasis">text relocations</span> or you may have a language interpreter doing JIT code
964 +compilation and requiring <span class="emphasis">RWX</span> mappings you may also have a program that
965 +saves data including internal pointers into an mmaped file and which needs to be
966 +restored in the same place no matter what. You could also be holding a security
967 +competition and need to disable the execution restrictions and force it to
968 +use fixed addresses on a particular program so it can be exploited doing a
969 +simple nop sled based stack overflow to get to the next level. For taking into
970 +account these issues binaries can be marked to force on or off some of the PaX
971 +features.
972 +</p>
973 +<p>
974 +Currently, the PaX features that can be lessened or enforced to allow programs
975 +to run are:
976 +</p>
977 +<dl>
978 + <dt><b>PAGEEXEC</b></dt>
979 + <dd>Paging based execution restrictions. This is what other OSes know as
980 + <span class="emphasis">NX</span>.</dd>
981 + <dt><b>EMUTRAMP</b></dt>
982 + <dd>Trampoline emulation. Required by for amongst other things code with
983 + nested functions.</dd>
984 + <dt><b>MPROTECT</b></dt>
985 + <dd>Prevents the introduction of new executable code in the task. This is the
986 + one you are more likely to need disabling with libraries generating JIT code.
987 + </dd>
988 + <dt><b>RANDMMAP</b></dt>
989 + <dd>Randomizes the addresses where mappings are made unless the program
990 + explicitly requests one (using the MAP_FIXED flag).</dd>
991 + <dt><b>RANDEXEC</b></dt>
992 + <dd>This flag is currently deprecated and was used to enforce random placement
993 + of the executable part of the binary.</dd>
994 + <dt><b>SEGMEXEC</b></dt>
995 + <dd>This flag enables segmentation based execution protection. This feature is
996 + not available on the amd64 architecture so in that architecture is disables by
997 + default.</dd>
998 +</dl>
999 +<p>
1000 +There are various ways in which this advice to lessen the environment can be
1001 +provided to the system, amongst others Mandatory Access Control rules, extended
1002 +attributes and two kinds of markings on the binaries themselves, the legacy ones
1003 +which abuse an unused field in the ELF headers and the new ones which add a new
1004 +specific section to the ELF file with the markings.
1005 +</p>
1006 +<p>
1007 +All this markings though are only read in the executable and not in the
1008 +libraries linked by it to prevent some possible attacks (like libraries being
1009 +injected via LD_PRELOAD) and because it eases a lot the implementation since the
1010 +kernel shouldn't be aware of linking details.
1011 +</p>
1012 +<p>
1013 +This system has a problem: if we have a binary linking to a library which
1014 +requires, for example, trampoline emulation because it uses nested functions how
1015 +can we make sure the binary gets the propper markings? Yeah we could add PaX
1016 +marks to the library to state it needs trampoline emulation but still we haven't
1017 +fixed the issue since the kernel will only read the marks on the binary being
1018 +called. In order to solve this issue we have created <span class="code" dir="ltr">revdep-pax</span>.
1019 +</p>
1020 +<p class="secthead"><a name="doc_chap1_sect2">What's revdep-pax?</a></p>
1021 +<p>
1022 +<span class="code" dir="ltr">revdep-pax</span> is a tool that allows to check for differences in PaX markings
1023 +between elf objects linking to libraries (for example <span class="path" dir="ltr">/bin/bash</span>)
1024 +and the libraries themselves (for example <span class="path" dir="ltr">/lib64/libc.so.6</span>).
1025 +</p>
1026 +<p>
1027 +<span class="code" dir="ltr">revdep-pax</span> is able to do this in various ways, it can check for
1028 +differences <span class="emphasis">forward</span> from one binary to all the libraries it links and it
1029 +can also check for PaX marking differences <span class="emphasis">backwards</span> from one library to
1030 +all the binaries linking to it (which may include other libraries too). In a
1031 +similar way it is possible to have all the forward and reverse mappings in the
1032 +system checked to try finding issues.
1033 +</p>
1034 +<p>
1035 +<span class="code" dir="ltr">revdep-pax</span> is also able to propagate these markings both forward to the
1036 +libraries linked by an object and backwards to the objects linked by a library.
1037 +</p>
1038 +<p class="chaphead"><a name="doc_chap2"></a><span class="chapnum">2.
1039 + </span>Using revdep-pax</p>
1040 +<p class="secthead"><a name="doc_chap2_sect1">Propagating PaX marks backwards from a library to objects that link at it
1041 +</a></p>
1042 +<p>
1043 +This is going to be probably the main way in which you are going to use this
1044 +utility. What it does is check all the libraries linked statically
1045 The <span class="code" dir="ltr">scanelf</span> application is part of the <span class="code" dir="ltr">app-misc/pax-utils</span> package.
1046 With this application you can print out information specific to the ELF
1047 structure of a binary. The following table sums up the various options.
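Review bot: the new chapter 2 text stops mid-sentence at "What it does is check all the libraries linked statically" and runs straight into the unchanged scanelf paragraph copied from pax-utils.html, and the contents menu still lists "3. Listing PaX Flags and Capabilities" and "4. Programming with ELF files", so this preview publishes a half-converted copy. Either finish the section and drop the leftover pax-utils chapters, or hold the page back until it is complete. Wording to fix in the added text: "propper", "Required by for amongst other things", "is disables by default", "All this markings". Because the text says the kernel reads marks only from the executable, the propagation section should also say that pushing a library's relaxed marking (for example MPROTECT off for JIT) back to every binary linking to it weakens each of those binaries, so readers know to review what gets changed.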
1048 @@ -650,7 +638,9 @@ struct {
1049 <!--
1050 <rdf:RDF xmlns="http://web.resource.org/cc/"
1051 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
1052 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
1053 +
1054 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
1055 +
1056 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
1057 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
1058 <requires rdf:resource="http://web.resource.org/cc/Notice" />
1059 @@ -662,19 +652,16 @@ struct {
1060 --><br>
1061 </td>
1062 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1063 -<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="swift?style=printable">Print</a></p></td></tr>
1064 -<tr><td class="topsep" align="center"><p class="alttext">Updated August 29, 2010</p></td></tr>
1065 +<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="klondike?style=printable">Print</a></p></td></tr>
1066 +<tr><td class="topsep" align="center"><p class="alttext">Page updated February 19, 2012</p></td></tr>
1067 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
1068 -This guide provides instruction on securing your system by using the pax-utils
1069 -package to find and identify problematic binaries.
1070 +This guide provides an introduction to revdep-pax and how to use it to propagate
1071 +the PaC markings caused by libraries requiring them, for example, libraries
1072 +requiring RWX memory in order to process JIT code.
1073 </p></td></tr>
1074 <tr><td align="left" class="topsep"><p class="alttext">
1075 - <a href="mailto:swift@g.o" class="altlink"><b>Sven Vermeulen</b></a>
1076 -<br><i>Author</i><br><br>
1077 - <a href="mailto:solar@g.o" class="altlink"><b>Ned Ludd</b></a>
1078 -<br><i>Editor</i><br><br>
1079 - <a href="mailto:nightmorph@g.o" class="altlink"><b>Joshua Saddler</b></a>
1080 -<br><i>Editor</i><br></p></td></tr>
1081 + <a href="mailto:klondike@g.o" class="altlink"><b>Francisco Blas Izquierdo Riera</b></a>
1082 +<br><i>Author</i><br></p></td></tr>
1083 <tr lang="en"><td align="center" class="topsep">
1084 <p class="alttext"><b>Donate</b> to support our development efforts.
1085 </p>
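Review bot: In the sidebar, the printer-friendly link only changes from `href="swift?style=printable"` to `href="klondike?style=printable"`, so it still points at an author name rather than at the document, whereas roadmap.html in this same patch uses `roadmap.xml?style=printable`. The value looks like it is generated from the wrong field and should resolve to the guide's own file name. In the new summary, "PaC markings" reads like a typo for "PaX markings", given that the page is revdep-pax.html.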
1086 @@ -686,7 +673,7 @@ package to find and identify problematic binaries.
1087 </table></td>
1088 </tr></table></td></tr>
1089 <tr><td colspan="2" align="right" class="infohead">
1090 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1091 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1092 </td></tr>
1093 </table></body>
1094 </html>
1095
1096 diff --git a/html/roadmap.html b/html/roadmap.html
1097 index f645ca8..17be1a3 100644
1098 --- a/html/roadmap.html
1099 +++ b/html/roadmap.html
1100 @@ -279,7 +279,7 @@ of the packages and standard policies.
1101 <tr>
1102 <td class="tableinfo">Deprecate old profiles</td>
1103 <td class="tableinfo">2011-12-01</td>
1104 - <td class="tableinfo"></td>
1105 + <td class="tableinfo">done</td>
1106 <td class="tableinfo">blueness</td>
1107 <td class="tableinfo"></td>
1108 </tr>
1109 @@ -290,12 +290,19 @@ of the packages and standard policies.
1110 <td class="tableinfo">SwifT</td>
1111 <td class="tableinfo"></td>
1112 </tr>
1113 +<tr>
1114 + <td class="tableinfo">Have SELinux-enabled stage3 available on the mirrors</td>
1115 + <td class="tableinfo">2012-01-31</td>
1116 + <td class="tableinfo"></td>
1117 + <td class="tableinfo"></td>
1118 + <td class="tableinfo"></td>
1119 +</tr>
1120 </table>
1121 <br><br>
1122 </td>
1123 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1124 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="roadmap.xml?style=printable">Print</a></p></td></tr>
1125 -<tr><td class="topsep" align="center"><p class="alttext">Updated August 24, 2011</p></td></tr>
1126 +<tr><td class="topsep" align="center"><p class="alttext">Page updated December 10, 2011</p></td></tr>
1127 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
1128 A roadmap that plots current needs and goals of the
1129 Hardened Gentoo project.
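Review bot: The added row "Have SELinux-enabled stage3 available on the mirrors" carries a target date of 2012-01-31 and three empty cells, including the one that holds `done` and the one that holds a name (`blueness`, `SwifT`) in the neighbouring rows. This commit is dated April 2012, so the roadmap is published with an item that is already overdue and has nobody assigned. Fill in the name cell and either a status or a revised date before regenerating the preview.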
1130 @@ -336,7 +343,7 @@ Hardened Gentoo project.
1131 </table></td>
1132 </tr></table></td></tr>
1133 <tr><td colspan="2" align="right" class="infohead">
1134 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1135 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1136 </td></tr>
1137 </table></body>
1138 </html>
1139
1140 diff --git a/html/rsbac/index.html b/html/rsbac/index.html
1141 index d0c4886..9c4601e 100644
1142 --- a/html/rsbac/index.html
1143 +++ b/html/rsbac/index.html
1144 @@ -158,7 +158,7 @@ The required tool for the policies is still being developped.
1145 </table></td>
1146 </tr></table></td></tr>
1147 <tr><td colspan="2" align="right" class="infohead">
1148 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1149 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1150 </td></tr>
1151 </table></body>
1152 </html>
1153
1154 diff --git a/html/rsbac/intro.html b/html/rsbac/intro.html
1155 index b7ae327..04b00cd 100644
1156 --- a/html/rsbac/intro.html
1157 +++ b/html/rsbac/intro.html
1158 @@ -72,7 +72,9 @@ ITSEC funtional criteria, extended by two privacy goals. </p>
1159 <!--
1160 <rdf:RDF xmlns="http://web.resource.org/cc/"
1161 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
1162 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
1163 +
1164 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
1165 +
1166 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
1167 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
1168 <requires rdf:resource="http://web.resource.org/cc/Notice" />
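Review bot: The RDF element inside the HTML comment is renamed from `<License rdf:about=...>` to `<license rdf:about=...>` and wrapped in blank lines. XML element names are case-sensitive, so any consumer of this metadata sees a different element, and unless the closing tag outside this hunk changed as well the block no longer has a matching close. selinux-bugreporting.html in this patch keeps the capitalised `<License`, so the generated pages are now inconsistent. This looks like a side effect of the rendering step rather than an intended change, and it repeats in rsbac/overview.html, rsbac/quickstart.html, rsbac/transition.html, selinux-development.html and selinux-policy.html.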
1169 @@ -85,7 +87,7 @@ ITSEC funtional criteria, extended by two privacy goals. </p>
1170 </td>
1171 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1172 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="intro.xml?style=printable">Print</a></p></td></tr>
1173 -<tr><td class="topsep" align="center"><p class="alttext">Updated June 2, 2004</p></td></tr>
1174 +<tr><td class="topsep" align="center"><p class="alttext">Page updated June 2, 2004</p></td></tr>
1175 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b> This document should introduce you to the RSBAC
1176 access control system. </p></td></tr>
1177 <tr><td align="left" class="topsep"><p class="alttext">
1178 @@ -106,7 +108,7 @@ access control system. </p></td></tr>
1179 </table></td>
1180 </tr></table></td></tr>
1181 <tr><td colspan="2" align="right" class="infohead">
1182 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1183 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1184 </td></tr>
1185 </table></body>
1186 </html>
1187
1188 diff --git a/html/rsbac/overview.html b/html/rsbac/overview.html
1189 index e04a343..b2092ae 100644
1190 --- a/html/rsbac/overview.html
1191 +++ b/html/rsbac/overview.html
1192 @@ -183,7 +183,9 @@ Orange Book (TCSEC) B1 level.
1193 <!--
1194 <rdf:RDF xmlns="http://web.resource.org/cc/"
1195 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
1196 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
1197 +
1198 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
1199 +
1200 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
1201 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
1202 <requires rdf:resource="http://web.resource.org/cc/Notice" />
1203 @@ -196,7 +198,7 @@ Orange Book (TCSEC) B1 level.
1204 </td>
1205 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1206 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="overview.xml?style=printable">Print</a></p></td></tr>
1207 -<tr><td class="topsep" align="center"><p class="alttext">Updated October 11, 2005</p></td></tr>
1208 +<tr><td class="topsep" align="center"><p class="alttext">Page updated October 11, 2005</p></td></tr>
1209 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
1210 This document should give you an overview of RSBAC access control system.
1211 </p></td></tr>
1212 @@ -218,7 +220,7 @@ This document should give you an overview of RSBAC access control system.
1213 </table></td>
1214 </tr></table></td></tr>
1215 <tr><td colspan="2" align="right" class="infohead">
1216 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1217 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1218 </td></tr>
1219 </table></body>
1220 </html>
1221
1222 diff --git a/html/rsbac/quickstart.html b/html/rsbac/quickstart.html
1223 index f04955a..ddcc9fd 100644
1224 --- a/html/rsbac/quickstart.html
1225 +++ b/html/rsbac/quickstart.html
1226 @@ -314,7 +314,9 @@ Please also check the <a href="hardenedfaq.html">hardened FAQ</a> as your questi
1227 <!--
1228 <rdf:RDF xmlns="http://web.resource.org/cc/"
1229 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
1230 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
1231 +
1232 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
1233 +
1234 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
1235 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
1236 <requires rdf:resource="http://web.resource.org/cc/Notice" />
1237 @@ -327,7 +329,7 @@ Please also check the <a href="hardenedfaq.html">hardened FAQ</a> as your questi
1238 </td>
1239 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1240 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="rsbac/quickstart.xml?style=printable">Print</a></p></td></tr>
1241 -<tr><td class="topsep" align="center"><p class="alttext">Updated November 27, 2010</p></td></tr>
1242 +<tr><td class="topsep" align="center"><p class="alttext">Page updated November 27, 2010</p></td></tr>
1243 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>This document will guide you through the installation of the
1244 RSBAC on Gentoo Linux</p></td></tr>
1245 <tr><td align="left" class="topsep"><p class="alttext">
1246 @@ -346,7 +348,7 @@ RSBAC on Gentoo Linux</p></td></tr>
1247 </table></td>
1248 </tr></table></td></tr>
1249 <tr><td colspan="2" align="right" class="infohead">
1250 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1251 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1252 </td></tr>
1253 </table></body>
1254 </html>
1255
1256 diff --git a/html/rsbac/transition.html b/html/rsbac/transition.html
1257 index 0d5395e..869b9b5 100644
1258 --- a/html/rsbac/transition.html
1259 +++ b/html/rsbac/transition.html
1260 @@ -53,7 +53,9 @@ Transition from rsbac-sources to hardened-sources </h1>
1261 <!--
1262 <rdf:RDF xmlns="http://web.resource.org/cc/"
1263 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
1264 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
1265 +
1266 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
1267 +
1268 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
1269 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
1270 <requires rdf:resource="http://web.resource.org/cc/Notice" />
1271 @@ -66,7 +68,7 @@ Transition from rsbac-sources to hardened-sources </h1>
1272 </td>
1273 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1274 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="transition.xml?style=printable">Print</a></p></td></tr>
1275 -<tr><td class="topsep" align="center"><p class="alttext">Updated February 15, 2006</p></td></tr>
1276 +<tr><td class="topsep" align="center"><p class="alttext">Page updated February 15, 2006</p></td></tr>
1277 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b> This document will help you transioning from
1278 rsbac-sources to hardened-sources </p></td></tr>
1279 <tr><td align="left" class="topsep"><p class="alttext">
1280 @@ -83,7 +85,7 @@ rsbac-sources to hardened-sources </p></td></tr>
1281 </table></td>
1282 </tr></table></td></tr>
1283 <tr><td colspan="2" align="right" class="infohead">
1284 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1285 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1286 </td></tr>
1287 </table></body>
1288 </html>
1289
1290 diff --git a/html/selinux-bugreporting.html b/html/selinux-bugreporting.html
1291 index 872a5e6..78fd4f0 100644
1292 --- a/html/selinux-bugreporting.html
1293 +++ b/html/selinux-bugreporting.html
1294 @@ -124,12 +124,15 @@ SELinux</a> section that helps you identify common bottlenecks or issues while
1295 trying to get SELinux running on your system.
1296 </p>
1297 <br><p class="copyright">
1298 - The contents of this document, unless otherwise expressly stated, are licensed under the <a href="http://creativecommons.org/licenses/by-sa/2.5">CC-BY-SA-2.5</a> license. The <a href="http://www.gentoo.org/main/en/name-logo.xml"> Gentoo Name and Logo Usage Guidelines </a> apply.
1299 + The contents of this document, unless otherwise expressly stated, are
1300 + licensed under the <a href="http://creativecommons.org/licenses/by-sa/3.0">CC-BY-SA-3.0</a> license. The <a href="http://www.gentoo.org/main/en/name-logo.xml"> Gentoo Name and Logo Usage Guidelines </a> apply.
1301 </p>
1302 <!--
1303 <rdf:RDF xmlns="http://web.resource.org/cc/"
1304 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
1305 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
1306 +
1307 + <License rdf:about="http://creativecommons.org/licenses/by-sa/3.0/">
1308 +
1309 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
1310 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
1311 <requires rdf:resource="http://web.resource.org/cc/Notice" />
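Review bot: This page alone moves from CC-BY-SA-2.5 to CC-BY-SA-3.0, in both the visible copyright paragraph and the RDF `rdf:about` URL, while the other pages touched in this patch still reference by-sa/2.5. A licence change deserves its own line in the commit message ("Updating previews" does not cover it) and a check that it comes from the source document rather than from the template used to render it.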
1312 @@ -142,7 +145,7 @@ trying to get SELinux running on your system.
1313 </td>
1314 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1315 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="swift?style=printable">Print</a></p></td></tr>
1316 -<tr><td class="topsep" align="center"><p class="alttext">Updated November 22, 2011</p></td></tr>
1317 +<tr><td class="topsep" align="center"><p class="alttext">Page updated November 22, 2011</p></td></tr>
1318 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
1319 This guide helps users to create a properly filled out bug report for SELinux
1320 policy updates.
1321 @@ -161,7 +164,7 @@ policy updates.
1322 </table></td>
1323 </tr></table></td></tr>
1324 <tr><td colspan="2" align="right" class="infohead">
1325 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1326 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1327 </td></tr>
1328 </table></body>
1329 </html>
1330
1331 diff --git a/html/selinux-development.html b/html/selinux-development.html
1332 index c56971c..c54b522 100644
1333 --- a/html/selinux-development.html
1334 +++ b/html/selinux-development.html
1335 @@ -1232,7 +1232,9 @@ it out.
1336 <!--
1337 <rdf:RDF xmlns="http://web.resource.org/cc/"
1338 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
1339 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
1340 +
1341 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
1342 +
1343 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
1344 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
1345 <requires rdf:resource="http://web.resource.org/cc/Notice" />
1346 @@ -1245,7 +1247,7 @@ it out.
1347 </td>
1348 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1349 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="selinux-development.xml?style=printable">Print</a></p></td></tr>
1350 -<tr><td class="topsep" align="center"><p class="alttext">Updated November 22, 2011</p></td></tr>
1351 +<tr><td class="topsep" align="center"><p class="alttext">Page updated November 22, 2011</p></td></tr>
1352 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
1353 When planning to help Gentoo Hardened in the development of SELinux policies,
1354 or when trying to debug existing policies, this document should help you get
1355 @@ -1265,7 +1267,7 @@ acquainted with the necessary resources, trips and tricks to get along.
1356 </table></td>
1357 </tr></table></td></tr>
1358 <tr><td colspan="2" align="right" class="infohead">
1359 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1360 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1361 </td></tr>
1362 </table></body>
1363 </html>
1364
1365 diff --git a/html/selinux-faq.html b/html/selinux-faq.html
1366 index caa4c46..41695b4 100644
1367 --- a/html/selinux-faq.html
1368 +++ b/html/selinux-faq.html
1369 @@ -77,6 +77,8 @@ FAILED (crontabs/root)'</a></li>
1370 <li><a href="#missingdatum">When querying the policy, I get 'ERROR: could not find datum for type ...'</a></li>
1371 <li><a href="#recoverportage">Portage fails to label files because "setfiles" does not work anymore</a></li>
1372 <li><a href="#nosuid">Applications do not transition on a nosuid-mounted partition</a></li>
1373 +<li><a href="#auth-run_init">Why do I always need to re-authenticate when operating init scripts?</a></li>
1374 +<li><a href="#initramfs">How do I use SELinux with initramfs?</a></li>
1375 </ul>
1376 <p class="chaphead"><a name="doc_chap2"></a><span class="chapnum">2.
1377 </span>General SELinux Support Questions</p>
1378 @@ -434,19 +436,13 @@ FEATURES variable contains unknown value(s): loadpolicy
1379 </table>
1380 <p>
1381 This is a remnant of the older SELinux policy module set where policy packages
1382 -might require this FEATURE to be available. Although the more recent packages
1383 -do not support this FEATURE value anymore, these are still in the ~arch phase
1384 -so the current SELinux profile still offers this value. Portage however already
1385 -knows that this FEATURE is not supported anymore and complains.
1386 +might require this FEATURE to be available. This has however since long been
1387 +removed from the tree.
1388 </p>
1389 <p>
1390 -We recommend you to use the ~arch versions of all packages in the sec-policy
1391 -category, and set <span class="code" dir="ltr">FEATURES="-loadpolicy"</span> to disable this (cosmetic)
1392 -error.
1393 -</p>
1394 -<p>
1395 -Once the newer policy modules are stabilized, the SELinux profile will be updated
1396 -to remove this setting.
1397 +Please update your profile to a recent SELinux profile (one ending with
1398 +<span class="path" dir="ltr">/selinux</span>) and make sure that <span class="path" dir="ltr">/etc/make.conf</span> does not
1399 +have <span class="code" dir="ltr">FEATURES="loadpolicy"</span> set.
1400 </p>
1401 <p class="secthead"><a name="conflicting_types"></a><a name="doc_chap5_sect3">During rlpkg I get 'conflicting specifications for ... and ..., using ...'</a></p>
1402 <p>
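Review bot: The rewritten answer drops the only concrete workaround (`FEATURES="-loadpolicy"`) and replaces it with "update your profile to a recent SELinux profile (one ending with /selinux)", without saying how to list or select a profile, so a reader who hits the warning has no command to run. Add the profile selection step or link to where it is documented. "This has however since long been removed from the tree" would read better as "This was removed from the tree long ago".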
1403 @@ -684,11 +680,59 @@ So, a <span class="code" dir="ltr">passwd</span> binary, although correctly labe
1404 will not transition into the <span class="emphasis">passwd_t</span> domain if the binary is stored on a
1405 file system mounted with <span class="code" dir="ltr">nosuid</span>.
1406 </p>
1407 +<p class="secthead"><a name="auth-run_init"></a><a name="doc_chap5_sect10">Why do I always need to re-authenticate when operating init scripts?</a></p>
1408 +<p>
1409 +When you, as an administrator, wants to launch or stop daemons, these activities
1410 +need to be done as <span class="code" dir="ltr">system_u:system_r</span>. Switching to this context set is a
1411 +highly privileged operation (since you are effectively leaving the user context
1412 +and entering a system context) and hence the default setup requires the user to
1413 +re-authenticate.
1414 +</p>
1415 +<p>
1416 +You can ask not to re-authenticate if you use PAM by editing
1417 +<span class="path" dir="ltr">/etc/pam.d/run_init</span> and adding the following line on top:
1418 +</p>
1419 +<a name="doc_chap5_pre15"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
1420 +<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing5.15: Setup run_init pam configuration to allow root not to re-authenticate</p></td></tr>
1421 +<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
1422 +auth sufficient pam_rootok.so
1423 +</pre></td></tr>
1424 +</table>
1425 +<p>
1426 +With this in place, you can now prepend your init script activities with
1427 +<span class="code" dir="ltr">run_init</span> and it will not ask for your password anymore:
1428 +</p>
1429 +<a name="doc_chap5_pre16"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
1430 +<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing5.16: Using run_init</p></td></tr>
1431 +<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
1432 +# <span class="code-input">run_init rc-service local status</span>
1433 +Authenticating swift.
1434 + * status: started
1435 +</pre></td></tr>
1436 +</table>
1437 +<p class="secthead"><a name="initramfs"></a><a name="doc_chap5_sect11">How do I use SELinux with initramfs?</a></p>
1438 +<p>
1439 +We currently do not support booting in enforcing mode with an initramfs image
1440 +(but we are working on it). For the time being, boot in permissive mode. Once
1441 +booted, switch to enforcing mode (<span class="code" dir="ltr">setenforce 1</span>).
1442 +</p>
1443 +<p>
1444 +If you run SELinux on a production system and would not like to have attackers
1445 +be able to switch back to permissive mode (even when they would have the
1446 +necessary privileges otherwise), set the <span class="code" dir="ltr">secure_mode_policyload</span> boolean.
1447 +When enabled, enforcing mode cannot be disabled anymore (until you reboot).
1448 +</p>
1449 +<a name="doc_chap5_pre17"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
1450 +<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing5.17: Toggling secure_mode_policyload</p></td></tr>
1451 +<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
1452 +# <span class="code-input">setsebool secure_mode_policyload on</span>
1453 +</pre></td></tr>
1454 +</table>
1455 <br><br>
1456 </td>
1457 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1458 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="pebenito@g.o?style=printable">Print</a></p></td></tr>
1459 -<tr><td class="topsep" align="center"><p class="alttext">Updated October 25, 2011</p></td></tr>
1460 +<tr><td class="topsep" align="center"><p class="alttext">Page updated February 26, 2012</p></td></tr>
1461 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
1462 Frequently Asked Questions on SELinux integration with Gentoo Hardened.
1463 The FAQ is a collection of solutions found on IRC, mailinglist, forums or
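Review bot: The `auth sufficient pam_rootok.so` line follows text explaining that re-authentication exists because switching to `system_u:system_r` is a highly privileged operation, yet nothing tells the reader that the line removes that check for every process already running as root; state the trade-off next to Code Listing 5.15. Listing 5.16 still prints "Authenticating swift." under a `#` prompt, which reads as if authentication is still taking place, so either explain why the message remains or show output that matches "will not ask for your password anymore". In the initramfs answer the listing uses `setsebool secure_mode_policyload on` and the text says the effect lasts "until you reboot", so say explicitly that `setenforce 1` and then the boolean have to be reapplied on every boot and that the system runs permissive until that happens. "When you, as an administrator, wants" should be "want".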
1464 @@ -710,7 +754,7 @@ elsewhere
1465 </table></td>
1466 </tr></table></td></tr>
1467 <tr><td colspan="2" align="right" class="infohead">
1468 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1469 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1470 </td></tr>
1471 </table></body>
1472 </html>
1473
1474 diff --git a/html/selinux-policy.html b/html/selinux-policy.html
1475 index 88d2d70..e500375 100644
1476 --- a/html/selinux-policy.html
1477 +++ b/html/selinux-policy.html
1478 @@ -182,7 +182,9 @@ of the packages clean.
1479 <!--
1480 <rdf:RDF xmlns="http://web.resource.org/cc/"
1481 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
1482 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
1483 +
1484 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
1485 +
1486 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
1487 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
1488 <requires rdf:resource="http://web.resource.org/cc/Notice" />
1489 @@ -195,7 +197,7 @@ of the packages clean.
1490 </td>
1491 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1492 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="selinux-policy.xml?style=printable">Print</a></p></td></tr>
1493 -<tr><td class="topsep" align="center"><p class="alttext">Updated September 4, 2011</p></td></tr>
1494 +<tr><td class="topsep" align="center"><p class="alttext">Page updated September 4, 2011</p></td></tr>
1495 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
1496 Developing a set of security rules is or should always be done with a common set
1497 of principles and rules in mind. This document explains the policy used by
1498 @@ -215,7 +217,7 @@ Gentoo Hardened in order to consistenly develop its security policy rules.
1499 </table></td>
1500 </tr></table></td></tr>
1501 <tr><td colspan="2" align="right" class="infohead">
1502 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1503 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1504 </td></tr>
1505 </table></body>
1506 </html>
1507
1508 diff --git a/html/selinux/hb-intro-concepts.html b/html/selinux/hb-intro-concepts.html
1509 index c5cf801..51626aa 100644
1510 --- a/html/selinux/hb-intro-concepts.html
1511 +++ b/html/selinux/hb-intro-concepts.html
1512 @@ -766,7 +766,7 @@ we'll configure and tune the SELinux policy to our needs.
1513 </p>
1514 </td>
1515 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1516 -<tr><td class="topsep" align="center"><p class="alttext">Updated July 21, 2011</p></td></tr>
1517 +<tr><td class="topsep" align="center"><p class="alttext">Page updated July 21, 2011</p></td></tr>
1518 <tr lang="en"><td align="center" class="topsep">
1519 <p class="alttext"><b>Donate</b> to support our development efforts.
1520 </p>
1521 @@ -778,7 +778,7 @@ we'll configure and tune the SELinux policy to our needs.
1522 </table></td>
1523 </tr></table></td></tr>
1524 <tr><td colspan="2" align="right" class="infohead">
1525 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1526 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1527 </td></tr>
1528 </table></body>
1529 </html>
1530
1531 diff --git a/html/selinux/hb-intro-enhancingsecurity.html b/html/selinux/hb-intro-enhancingsecurity.html
1532 index 1f39ee7..09b8c12 100644
1533 --- a/html/selinux/hb-intro-enhancingsecurity.html
1534 +++ b/html/selinux/hb-intro-enhancingsecurity.html
1535 @@ -201,7 +201,7 @@ run and manage a SELinux hardened Gentoo system.
1536 </p>
1537 </td>
1538 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1539 -<tr><td class="topsep" align="center"><p class="alttext">Updated May 25, 2011</p></td></tr>
1540 +<tr><td class="topsep" align="center"><p class="alttext">Page updated May 25, 2011</p></td></tr>
1541 <tr lang="en"><td align="center" class="topsep">
1542 <p class="alttext"><b>Donate</b> to support our development efforts.
1543 </p>
1544 @@ -213,7 +213,7 @@ run and manage a SELinux hardened Gentoo system.
1545 </table></td>
1546 </tr></table></td></tr>
1547 <tr><td colspan="2" align="right" class="infohead">
1548 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1549 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1550 </td></tr>
1551 </table></body>
1552 </html>
1553
1554 diff --git a/html/selinux/hb-intro-referencepolicy.html b/html/selinux/hb-intro-referencepolicy.html
1555 index 3adc3f9..acfd4b9 100644
1556 --- a/html/selinux/hb-intro-referencepolicy.html
1557 +++ b/html/selinux/hb-intro-referencepolicy.html
1558 @@ -224,7 +224,7 @@ following is an overview of the policy versions' history.
1559 </dl>
1560 </td>
1561 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1562 -<tr><td class="topsep" align="center"><p class="alttext">Updated June 2, 2011</p></td></tr>
1563 +<tr><td class="topsep" align="center"><p class="alttext">Page updated June 2, 2011</p></td></tr>
1564 <tr lang="en"><td align="center" class="topsep">
1565 <p class="alttext"><b>Donate</b> to support our development efforts.
1566 </p>
1567 @@ -236,7 +236,7 @@ following is an overview of the policy versions' history.
1568 </table></td>
1569 </tr></table></td></tr>
1570 <tr><td colspan="2" align="right" class="infohead">
1571 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1572 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1573 </td></tr>
1574 </table></body>
1575 </html>
1576
1577 diff --git a/html/selinux/hb-intro-resources.html b/html/selinux/hb-intro-resources.html
1578 index 3f27720..ff88fae 100644
1579 --- a/html/selinux/hb-intro-resources.html
1580 +++ b/html/selinux/hb-intro-resources.html
1581 @@ -79,7 +79,7 @@ implementation.
1582 </ul>
1583 </td>
1584 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1585 -<tr><td class="topsep" align="center"><p class="alttext">Updated May 31, 2011</p></td></tr>
1586 +<tr><td class="topsep" align="center"><p class="alttext">Page updated May 31, 2011</p></td></tr>
1587 <tr lang="en"><td align="center" class="topsep">
1588 <p class="alttext"><b>Donate</b> to support our development efforts.
1589 </p>
1590 @@ -91,7 +91,7 @@ implementation.
1591 </table></td>
1592 </tr></table></td></tr>
1593 <tr><td colspan="2" align="right" class="infohead">
1594 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1595 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1596 </td></tr>
1597 </table></body>
1598 </html>
1599
1600 diff --git a/html/selinux/hb-intro-virtualization.html b/html/selinux/hb-intro-virtualization.html
1601 index 0095084..46ffa48 100644
1602 --- a/html/selinux/hb-intro-virtualization.html
1603 +++ b/html/selinux/hb-intro-virtualization.html
1604 @@ -24,7 +24,7 @@ This is a place-holder for future expansion.
1605 </p>
1606 </td>
1607 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1608 -<tr><td class="topsep" align="center"><p class="alttext">Updated December 1, 2010</p></td></tr>
1609 +<tr><td class="topsep" align="center"><p class="alttext">Page updated December 1, 2010</p></td></tr>
1610 <tr lang="en"><td align="center" class="topsep">
1611 <p class="alttext"><b>Donate</b> to support our development efforts.
1612 </p>
1613 @@ -36,7 +36,7 @@ This is a place-holder for future expansion.
1614 </table></td>
1615 </tr></table></td></tr>
1616 <tr><td colspan="2" align="right" class="infohead">
1617 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1618 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1619 </td></tr>
1620 </table></body>
1621 </html>
1622
1623 diff --git a/html/selinux/hb-using-commands.html b/html/selinux/hb-using-commands.html
1624 index dfbe3b3..468df7a 100644
1625 --- a/html/selinux/hb-using-commands.html
1626 +++ b/html/selinux/hb-using-commands.html
1627 @@ -434,7 +434,7 @@ require you to enter the regular users' password.
1628 </p>
1629 </td>
1630 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1631 -<tr><td class="topsep" align="center"><p class="alttext">Updated October 15, 2011</p></td></tr>
1632 +<tr><td class="topsep" align="center"><p class="alttext">Page updated October 15, 2011</p></td></tr>
1633 <tr lang="en"><td align="center" class="topsep">
1634 <p class="alttext"><b>Donate</b> to support our development efforts.
1635 </p>
1636 @@ -446,7 +446,7 @@ require you to enter the regular users' password.
1637 </table></td>
1638 </tr></table></td></tr>
1639 <tr><td colspan="2" align="right" class="infohead">
1640 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1641 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1642 </td></tr>
1643 </table></body>
1644 </html>
1645
1646 diff --git a/html/selinux/hb-using-configuring.html b/html/selinux/hb-using-configuring.html
1647 index 05bd80b..d583184 100644
1648 --- a/html/selinux/hb-using-configuring.html
1649 +++ b/html/selinux/hb-using-configuring.html
1650 @@ -901,7 +901,7 @@ by Portage. Instead, you will need to remove the module manually:
1651 </table>
1652 </td>
1653 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1654 -<tr><td class="topsep" align="center"><p class="alttext">Updated September 30, 2011</p></td></tr>
1655 +<tr><td class="topsep" align="center"><p class="alttext">Page updated September 30, 2011</p></td></tr>
1656 <tr lang="en"><td align="center" class="topsep">
1657 <p class="alttext"><b>Donate</b> to support our development efforts.
1658 </p>
1659 @@ -913,7 +913,7 @@ by Portage. Instead, you will need to remove the module manually:
1660 </table></td>
1661 </tr></table></td></tr>
1662 <tr><td colspan="2" align="right" class="infohead">
1663 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1664 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1665 </td></tr>
1666 </table></body>
1667 </html>
1668
1669 diff --git a/html/selinux/hb-using-install.html b/html/selinux/hb-using-install.html
1670 index fb5eb85..fc61177 100644
1671 --- a/html/selinux/hb-using-install.html
1672 +++ b/html/selinux/hb-using-install.html
1673 @@ -18,20 +18,20 @@
1674 <tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr>
1675 <td width="99%" class="content" valign="top" align="left">
1676 <p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
1677 - </span>Installing Gentoo Hardened</p>
1678 + </span>Installing Gentoo (Hardened)</p>
1679 <p class="secthead"><a name="doc_chap1_sect1">Introduction</a></p>
1680 <p>
1681 -Getting a Gentoo Hardened SELinux installation doesn't require weird actions.
1682 +Getting a SELinux-powered Gentoo installation doesn't require weird actions.
1683 What you need to do is install Gentoo Linux with the correct profile, correct
1684 kernel configuration and some file system relabelling. We seriously recommend to
1685 use SELinux together with other hardening improvements (such as PaX /
1686 grSecurity).
1687 </p>
1688 <p>
1689 -This chapter will describe the steps to install Gentoo Hardened with SELinux. We
1690 +This chapter will describe the steps to install Gentoo with SELinux. We
1691 assume that you have an existing Gentoo Linux system which you want to convert
1692 -to Gentoo Hardened with SELinux. If this is not the case, you should still read
1693 -on: you can install Gentoo Hardened with SELinux immediately if you make the
1694 +to Gentoo with SELinux. If this is not the case, you should still read
1695 +on: you can install Gentoo with SELinux immediately if you make the
1696 correct decisions during the installation process, based on the information in
1697 this chapter.
1698 </p>
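Review bot: The new chapter title "Installing Gentoo (Hardened)" keeps Hardened in parentheses while the two paragraphs below it drop the word everywhere, so the reader cannot tell whether a hardened profile is still required. The later steps still assume one (the profile example is hardened/linux/amd64/no-multilib/selinux, and the SSP boolean step is conditional on hardened sources), so state once in this introduction which steps apply only to hardened installs.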
1699 @@ -90,10 +90,10 @@ tmpfs /tmp tmpfs defaults,noexec,nosuid<span class="code-input">,rootcontext=
1700 <p class="secthead"><a name="doc_chap1_sect1">Change the Gentoo Profile</a></p>
1701 <p>
1702 Now that you have a running Gentoo Linux installation, switch the Gentoo profile
1703 -to the right SELinux hardened profile (for instance,
1704 +to the right SELinux profile (for instance,
1705 <span class="path" dir="ltr">hardened/linux/amd64/no-multilib/selinux</span>). Note that the older
1706 -profiles (like <span class="path" dir="ltr">selinux/v2refpolicy/amd64/hardened</span>) are still
1707 -supported though.
1708 +profiles (like <span class="path" dir="ltr">selinux/v2refpolicy/amd64/hardened</span>) are not
1709 +supported anymore.
1710 </p>
1711 <a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
1712 <tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Switching the Gentoo profile</p></td></tr>
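Review bot: Changing "are still supported though" to "are not supported anymore" for profiles such as selinux/v2refpolicy/amd64/hardened leaves users who are currently on one of them without a next step. Add a sentence telling them which of the current profiles to move to, since the listing in the following hunk no longer shows the old entries at all.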
1713 @@ -101,25 +101,19 @@ supported though.
1714 ~# <span class="code-input">eselect profile list</span>
1715 Available profile symlink targets:
1716 [1] default/linux/amd64/10.0
1717 - [2] default/linux/amd64/10.0/desktop
1718 - [3] default/linux/amd64/10.0/desktop/gnome
1719 - [4] default/linux/amd64/10.0/desktop/kde
1720 - [5] default/linux/amd64/10.0/developer
1721 - [6] default/linux/amd64/10.0/no-multilib
1722 - [7] default/linux/amd64/10.0/server
1723 - [8] hardened/linux/amd64
1724 - [9] hardened/linux/amd64/selinux
1725 - [10] hardened/linux/amd64/no-multilib *
1726 - [11] hardened/linux/amd64/no-multilib/selinux
1727 - [12] selinux/2007.0/amd64
1728 - [13] selinux/2007.0/amd64/hardened
1729 - [14] selinux/v2refpolicy/amd64
1730 - [15] selinux/v2refpolicy/amd64/desktop
1731 - [16] selinux/v2refpolicy/amd64/developer
1732 - [17] selinux/v2refpolicy/amd64/hardened
1733 - [18] selinux/v2refpolicy/amd64/server
1734 + [2] default/linux/amd64/10.0/selinux
1735 + [3] default/linux/amd64/10.0/desktop
1736 + [4] default/linux/amd64/10.0/desktop/gnome
1737 + [5] default/linux/amd64/10.0/desktop/kde
1738 + [6] default/linux/amd64/10.0/developer
1739 + [7] default/linux/amd64/10.0/no-multilib
1740 + [8] default/linux/amd64/10.0/server
1741 + [9] hardened/linux/amd64
1742 + [10] hardened/linux/amd64/selinux
1743 + [11] hardened/linux/amd64/no-multilib *
1744 + [12] hardened/linux/amd64/no-multilib/selinux
1745
1746 -~# <span class="code-input">eselect profile set 11</span>
1747 +~# <span class="code-input">eselect profile set 12</span>
1748 </pre></td></tr>
1749 </table>
1750 <table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b>
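Review bot: "eselect profile set 12" hard-codes an index that only matches this exact listing; adding default/linux/amd64/10.0/selinux already shifted it from 11 to 12 within this hunk. A reader whose list differs will select the wrong profile, so give the target by name (eselect profile set accepts the path shown in the list) or tell the reader to substitute the number from their own output.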
1751 @@ -195,7 +189,9 @@ tools or configurations that apply.
1752 <span class="path" dir="ltr">/lib/rcscripts/addons/lvm-start.sh</span> (or <span class="path" dir="ltr">/lib64/..</span>)
1753 and <span class="path" dir="ltr">lvm-stop.sh</span> and set the config location from
1754 <span class="path" dir="ltr">/dev/.lvm</span> to <span class="path" dir="ltr">/etc/lvm/lock</span>. Next, create the
1755 - <span class="path" dir="ltr">/etc/lvm/lock</span> directory.
1756 + <span class="path" dir="ltr">/etc/lvm/lock</span> directory. Finally, add
1757 + <span class="path" dir="ltr">/lib(64)/rcscripts/addons</span> to <span class="code" dir="ltr">CONFIG_PROTECT</span> in your
1758 + <span class="path" dir="ltr">make.conf</span> file.
1759 </li>
1760 <li>
1761 Check if you have <span class="path" dir="ltr">*.old</span> files in <span class="path" dir="ltr">/bin</span>. If you do,
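Review bot: The added path /lib(64)/rcscripts/addons is shorthand, not a real directory, and a reader who copies it into CONFIG_PROTECT verbatim protects nothing, so the edited lvm-start.sh and lvm-stop.sh can be overwritten on the next update. Write out /lib/rcscripts/addons and /lib64/rcscripts/addons, or say to use the one that exists on the system, as the start of this item already does with "(or /lib64/..)".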
1762 @@ -362,7 +358,9 @@ it yet).
1763 Next, rebuild those packages affected by the profile change we did previously
1764 through a standard world update, taking into account USE-flag changes (as the
1765 new profile will change many default USE flags, including enabling the
1766 -<span class="code" dir="ltr">selinux</span> USE flag).
1767 +<span class="code" dir="ltr">selinux</span> USE flag). Don't forget to use <span class="code" dir="ltr">etc-update</span> or
1768 +<span class="code" dir="ltr">dispatch-conf</span> afterwards as some changes to configuration files need to
1769 +be made.
1770 </p>
1771 <a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
1772 <tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Update your Gentoo Linux system</p></td></tr>
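Review bot: The new reminder to run etc-update or dispatch-conf "afterwards" sits before the listing that performs the world update, and it does not say what breaks when it is skipped. The troubleshooting page changed in this same commit ties the update of /etc/pam.d/system-login (the pam_selinux.so calls) to Portage failing outside sysadm_t, so move the sentence after the listing and name that file here.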
1773 @@ -473,7 +471,7 @@ running, most of them in the same security domain, but in different categories.
1774 <p>
1775 Finally, you can also select <span class="code" dir="ltr">mls</span> to differentiate security domains on
1776 a sensitivity level. However, MLS is currently still considered experimental
1777 -in Gentoo Hardened and as such not recommended.
1778 +in Gentoo and as such not recommended.
1779 </p>
1780 <p>
1781 When you have made your choice between the SELinux policy types, save
1782 @@ -487,7 +485,7 @@ only install the policy modules for that SELinux type.
1783 POLICY_TYPES="<span class="code-input">strict</span>"
1784 </pre></td></tr>
1785 </table>
1786 -<p class="secthead"><a name="doc_chap1_sect1">Label the File System</a></p>
1787 +<p class="secthead"><a name="doc_chap1_sect1">Reboot, and Label the File System</a></p>
1788 <table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#ffffbb"><p class="note"><b>Important: </b>
1789 Repeat these steps every time you have rebooted from a non-SELinux enabled
1790 kernel into a SELinux enabled kernel, as running with a non-SELinux enabled
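Review bot: With the heading changed to "Reboot, and Label the File System", the Important box directly under it ("Repeat these steps every time you have rebooted from a non-SELinux enabled kernel into a SELinux enabled kernel") now reads as if the reboot itself had to be repeated. Reword the box to refer to the relabelling steps only, and since the next section heading also starts with "Reboot", say in each heading what that reboot is for.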
1791 @@ -495,7 +493,8 @@ kernel will not update the security attributes of the files you create or
1792 manipulate during your day-to-day activities on your system.
1793 </p></td></tr></table>
1794 <p>
1795 -First relabel your devices and openrc related files. This will apply the
1796 +First reboot your system so that the installed policies are loaded. Now we
1797 +need to relabel your devices and openrc related files. This will apply the
1798 correct security contexts (labels) onto the necessary files.
1799 </p>
1800 <a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
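Review bot: "First reboot your system so that the installed policies are loaded" does not say that the reboot has to be into the SELinux-enabled kernel, which is the distinction the Important box just above depends on. State that explicitly, and keep the person consistent: the added sentence switches from "your system" to "we need to relabel your devices".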
1801 @@ -548,9 +547,10 @@ correctly. For instance, if you have installed
1802 </table>
1803 <p class="secthead"><a name="doc_chap1_sect1">Reboot and Set SELinux Booleans</a></p>
1804 <p>
1805 -Reboot your system. Log on and, if you have indeed installed Gentoo using the
1806 -hardened sources (as we recommended), enable the SSP SELinux boolean, allowing
1807 -every domain read access to the <span class="path" dir="ltr">/dev/urandom</span> device:
1808 +Reboot your system so that the newly applied file contexts are used. Log on
1809 +and, if you have indeed installed Gentoo using the hardened sources (as we
1810 +recommended), enable the SSP SELinux boolean, allowing every domain read
1811 +access to the <span class="path" dir="ltr">/dev/urandom</span> device:
1812 </p>
1813 <a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
1814 <tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Enabling the global_ssp boolean</p></td></tr>
1815 @@ -600,7 +600,7 @@ With that done, enjoy - your first steps into the SELinux world are now made.
1816 </p>
1817 </td>
1818 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1819 -<tr><td class="topsep" align="center"><p class="alttext">Updated October 18, 2011</p></td></tr>
1820 +<tr><td class="topsep" align="center"><p class="alttext">Page updated January 29, 2012</p></td></tr>
1821 <tr lang="en"><td align="center" class="topsep">
1822 <p class="alttext"><b>Donate</b> to support our development efforts.
1823 </p>
1824 @@ -612,7 +612,7 @@ With that done, enjoy - your first steps into the SELinux world are now made.
1825 </table></td>
1826 </tr></table></td></tr>
1827 <tr><td colspan="2" align="right" class="infohead">
1828 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1829 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1830 </td></tr>
1831 </table></body>
1832 </html>
1833
1834 diff --git a/html/selinux/hb-using-policies.html b/html/selinux/hb-using-policies.html
1835 index a40c051..0163b42 100644
1836 --- a/html/selinux/hb-using-policies.html
1837 +++ b/html/selinux/hb-using-policies.html
1838 @@ -41,7 +41,10 @@ additional SELinux policy modules. Only when the core policy (the base policy)
1839 is not to your liking should you see on using a totally different policy.
1840 </p>
1841 <p>
1842 -Let's start with a skeleton for a policy module we'll call <span class="emphasis">testmod</span>.
1843 +Let's start with a skeleton for a policy module we'll call <span class="emphasis">testmod</span>. You
1844 +should use simple names for the modules as the build infrastructure is quite
1845 +sensitive to special constructs. Use only letters a-z and numbers, and never
1846 +start a module name with a number.
1847 </p>
1848 <a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
1849 <tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Policy module skeleton</p></td></tr>
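Review bot: "the build infrastructure is quite sensitive to special constructs" does not tell the reader what goes wrong or which constructs are meant, so the naming rule that follows looks arbitrary. Say whether uppercase letters, hyphens and underscores are rejected and what the resulting build failure looks like, so that a reader who hits it can recognise the cause.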
1850 @@ -331,9 +334,14 @@ from firefox-related denials:
1851 # <span class="code-input">semodule -i firefoxmod.pp</span>
1852 </pre></td></tr>
1853 </table>
1854 +<p>
1855 +Keep the module name (given through the <span class="code" dir="ltr">-m</span> option) simple: only use
1856 +characters (<span class="code" dir="ltr">[a-z]</span>) and numbers (<span class="code" dir="ltr">[0-9]</span>), and start the module name
1857 +with a character.
1858 +</p>
1859 </td>
1860 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1861 -<tr><td class="topsep" align="center"><p class="alttext">Updated October 15, 2011</p></td></tr>
1862 +<tr><td class="topsep" align="center"><p class="alttext">Page updated March 1, 2012</p></td></tr>
1863 <tr lang="en"><td align="center" class="topsep">
1864 <p class="alttext"><b>Donate</b> to support our development efforts.
1865 </p>
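Review bot: In the added paragraph, "only use characters ([a-z]) and numbers ([0-9]), and start the module name with a character" uses "character" to mean "letter", which is wrong as written because digits are characters too. Use "letters", as the skeleton section of this page does, and name the command that takes the -m option, since the only command visible in the preceding listing is semodule -i.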
1866 @@ -345,7 +353,7 @@ from firefox-related denials:
1867 </table></td>
1868 </tr></table></td></tr>
1869 <tr><td colspan="2" align="right" class="infohead">
1870 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1871 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1872 </td></tr>
1873 </table></body>
1874 </html>
1875
1876 diff --git a/html/selinux/hb-using-states.html b/html/selinux/hb-using-states.html
1877 index 98817d2..bd2398f 100644
1878 --- a/html/selinux/hb-using-states.html
1879 +++ b/html/selinux/hb-using-states.html
1880 @@ -281,7 +281,7 @@ mode back to "enforcing".
1881 </p>
1882 </td>
1883 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1884 -<tr><td class="topsep" align="center"><p class="alttext">Updated October 15, 2011</p></td></tr>
1885 +<tr><td class="topsep" align="center"><p class="alttext">Page updated October 15, 2011</p></td></tr>
1886 <tr lang="en"><td align="center" class="topsep">
1887 <p class="alttext"><b>Donate</b> to support our development efforts.
1888 </p>
1889 @@ -293,7 +293,7 @@ mode back to "enforcing".
1890 </table></td>
1891 </tr></table></td></tr>
1892 <tr><td colspan="2" align="right" class="infohead">
1893 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1894 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
1895 </td></tr>
1896 </table></body>
1897 </html>
1898
1899 diff --git a/html/selinux/hb-using-troubleshoot.html b/html/selinux/hb-using-troubleshoot.html
1900 index d73d50a..983cc5a 100644
1901 --- a/html/selinux/hb-using-troubleshoot.html
1902 +++ b/html/selinux/hb-using-troubleshoot.html
1903 @@ -3,7 +3,7 @@
1904 <head>
1905 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
1906 <link title="new" rel="stylesheet" href="http://www.gentoo.org/css/main.css" type="text/css">
1907 -<link REL="shortcut icon" HREF="favicon.ico" TYPE="image/x-icon">
1908 +<link REL="shortcut icon" HREF="http://www.gentoo.org/favicon.ico" TYPE="image/x-icon">
1909 <link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website">
1910 <link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums">
1911 <link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla">
1912 @@ -192,9 +192,82 @@ contexts</span> that you see in the output with the next table.
1913 </td>
1914 </tr>
1915 </table>
1916 +<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
1917 + </span>Unable to Emerge Anything (OSError: [Errno 22] Invalid argument)</p>
1918 +<p class="secthead"><a name="doc_chap1_sect1">Problem Description</a></p>
1919 +<p>
1920 +When trying to install software with Portage, you get a huge python stacktrace
1921 +and finally the error message <span class="emphasis">OSError: [Errno 22] Invalid argument</span>:
1922 +</p>
1923 +<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
1924 +<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Stacktrace dump when portage fails to install software</p></td></tr>
1925 +<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
1926 +Traceback (most recent call last):
1927 + File "http://www.gentoo.org/usr/bin/emerge", line 43, in &lt;module&gt;
1928 + retval = emerge_main()
1929 + File "http://www.gentoo.org/usr/lib64/portage/pym/_emerge/main.py", line 1906, in emerge_main
1930 + myopts, myaction, myfiles, spinner)
1931 + File "http://www.gentoo.org/usr/lib64/portage/pym/_emerge/actions.py", line 437, in action_build
1932 + retval = mergetask.merge()
1933 +...
1934 + File "http://www.gentoo.org/usr/lib64/portage/pym/portage/package/ebuild/doebuild.py", line 104, in _doebuild_spawn
1935 + return spawn(cmd, settings, **kwargs)
1936 + File "http://www.gentoo.org/usr/lib64/portage/pym/portage/package/ebuild/doebuild.py", line 1255, in spawn
1937 + return spawn_func(mystring, env=mysettings.environ(), **keywords)
1938 + File "http://www.gentoo.org/usr/lib64/portage/pym/portage/_selinux.py", line 105, in wrapper_func
1939 + setexec(con)
1940 + File "http://www.gentoo.org/usr/lib64/portage/pym/portage/_selinux.py", line 79, in setexec
1941 + if selinux.setexeccon(ctx) &lt; 0:
1942 +OSError: [Errno 22] Invalid argument
1943 +</pre></td></tr>
1944 +</table>
1945 +<p class="secthead"><a name="doc_chap1_sect1">Wrong Context</a></p>
1946 +<p>
1947 +The above error comes when you launch portage (through <span class="code" dir="ltr">emerge</span>) while you
1948 +are not in <span class="code" dir="ltr">sysadm_t</span> context. You can verify this with <span class="code" dir="ltr">id -Z</span>:
1949 +</p>
1950 +<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
1951 +<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Checking current context</p></td></tr>
1952 +<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
1953 +~# <span class="code-input">id -Z</span>
1954 +system_u:system_r:local_login_t
1955 +</pre></td></tr>
1956 +</table>
1957 +<p>
1958 +As long as the context isn't <span class="code" dir="ltr">sysadm_t</span>, then Portage will break. This is
1959 +because Portage wants to switch its execution context from <span class="code" dir="ltr">portage_t</span> to
1960 +<span class="code" dir="ltr">portage_sandbox_t</span> but fails (it isn't in <span class="code" dir="ltr">portage_t</span> to begin with
1961 +because the user who launched Portage isn't in <span class="code" dir="ltr">sysadm_t</span>).
1962 +</p>
1963 +<p>
1964 +Please check <a href="#doc_chap2">Unable to Log On</a> above first. Also
1965 +make sure that you can <span class="code" dir="ltr">dispatch-conf</span> or <span class="code" dir="ltr">etc-update</span> after
1966 +installing SELinux so that <span class="path" dir="ltr">/etc/pam.d/system-login</span> is updated with
1967 +the right <span class="path" dir="ltr">pam_selinux.so</span> calls.
1968 +</p>
1969 +<p class="secthead"><a name="doc_chap1_sect1">Forcing Installation</a></p>
1970 +<p>
1971 +If you need to force Portage to continue regardless (for instance, you were in
1972 +the middle of a SELinux installation so cannot properly resolve such issues
1973 +now), run the <span class="code" dir="ltr">emerge</span> command but with <span class="code" dir="ltr">FEATURES="-selinux"</span>. This
1974 +will effectively disable Portage' SELinux integration, but allows you to
1975 +continue installing software.
1976 +</p>
1977 +<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
1978 +<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Running emerge without selinux support</p></td></tr>
1979 +<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
1980 +~# <span class="code-input">FEATURES="-selinux" emerge -u world</span>
1981 +</pre></td></tr>
1982 +</table>
1983 +<p>
1984 +Make sure that you relabel the entire file system after using this approach!
1985 +Portage will not label the files installed on the system correctly if you
1986 +disable its SELinux support. To relabel the entire file system, use <span class="code" dir="ltr">rlpkg -a
1987 +-r</span>.
1988 +</p>
1989 </td>
1990 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
1991 -<tr><td class="topsep" align="center"><p class="alttext">Updated February 24, 2011</p></td></tr>
1992 +<tr><td class="topsep" align="center"><p class="alttext">Page updated December 11, 2011</p></td></tr>
1993 <tr lang="en"><td align="center" class="topsep">
1994 <p class="alttext"><b>Donate</b> to support our development efforts.
1995 </p>
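Review bot: In the added stack trace every file path is prefixed with http://www.gentoo.org (for example "http://www.gentoo.org/usr/lib64/portage/pym/portage/_selinux.py"), which looks like the preview generator rewriting absolute paths as site links; the listing should show /usr/bin/emerge and /usr/lib64/portage/... so that it matches what a user sees on the terminal. The new chapter is also numbered "1." with anchor doc_chap1 and reuses doc_chap1_sect1 and doc_chap1_pre1 for every section and listing, while its text links to #doc_chap2 as "above", so the in-page links cannot resolve reliably. Two smaller points: "Portage' SELinux integration" should be "Portage's", and the relabel warning belongs before the FEATURES="-selinux" listing, as an Important box, because files installed that way stay mislabelled until rlpkg -a -r has been run.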
1996 @@ -206,7 +279,7 @@ contexts</span> that you see in the output with the next table.
1997 </table></td>
1998 </tr></table></td></tr>
1999 <tr><td colspan="2" align="right" class="infohead">
2000 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
2001 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
2002 </td></tr>
2003 </table></body>
2004 </html>
2005
2006 diff --git a/html/selinux/index.html b/html/selinux/index.html
2007 index b61b1b8..60e3ac5 100644
2008 --- a/html/selinux/index.html
2009 +++ b/html/selinux/index.html
2010 @@ -210,7 +210,7 @@ reassigned by the team.
2011 </table></td>
2012 </tr></table></td></tr>
2013 <tr><td colspan="2" align="right" class="infohead">
2014 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
2015 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
2016 </td></tr>
2017 </table></body>
2018 </html>
2019
2020 diff --git a/html/selinux/selinux-handbook.html b/html/selinux/selinux-handbook.html
2021 index a903353..038daf2 100644
2022 --- a/html/selinux/selinux-handbook.html
2023 +++ b/html/selinux/selinux-handbook.html
2024 @@ -124,7 +124,9 @@ them.
2025 <!--
2026 <rdf:RDF xmlns="http://web.resource.org/cc/"
2027 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
2028 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
2029 +
2030 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
2031 +
2032 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
2033 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
2034 <requires rdf:resource="http://web.resource.org/cc/Notice" />
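Review bot: Renaming <License> to <license> changes an element name in a case-sensitive XML vocabulary, and the closing tag is not part of this hunk, so if it still reads </License> the RDF block is no longer well-formed. The block sits inside an HTML comment, so the page renders the same, but anything that parses the embedded licence metadata will be affected; the added blank lines around the tag and the identical change in toolchain-upgrade-guide.html point to a generator or stylesheet change, which is where this should be fixed.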
2035 @@ -138,7 +140,7 @@ them.
2036 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
2037 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="pebenito@g.o?style=printable">Print</a></p></td></tr>
2038 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View all handbook in one page" class="altlink" href="pebenito@g.o?full=1">View all</a></p></td></tr>
2039 -<tr><td class="topsep" align="center"><p class="alttext">Updated September 18, 2011</p></td></tr>
2040 +<tr><td class="topsep" align="center"><p class="alttext">Page updated September 18, 2011</p></td></tr>
2041 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
2042 This is the Gentoo SELinux Handbook.
2043 </p></td></tr>
2044 @@ -160,7 +162,7 @@ This is the Gentoo SELinux Handbook.
2045 </table></td>
2046 </tr></table></td></tr>
2047 <tr><td colspan="2" align="right" class="infohead">
2048 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
2049 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
2050 </td></tr>
2051 </table></body>
2052 </html>
2053
2054 diff --git a/html/support-state.html b/html/support-state.html
2055 index a42568c..facf1be 100644
2056 --- a/html/support-state.html
2057 +++ b/html/support-state.html
2058 @@ -235,7 +235,7 @@ reports and feedback).
2059 </td>
2060 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
2061 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="roadmap.xml?style=printable">Print</a></p></td></tr>
2062 -<tr><td class="topsep" align="center"><p class="alttext">Updated November 17, 2011</p></td></tr>
2063 +<tr><td class="topsep" align="center"><p class="alttext">Page updated November 17, 2011</p></td></tr>
2064 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
2065 The support state of the Gentoo Hardened project describes the supported
2066 platforms, setups and additional requirements for each of the subprojects
2067 @@ -255,7 +255,7 @@ involved.
2068 </table></td>
2069 </tr></table></td></tr>
2070 <tr><td colspan="2" align="right" class="infohead">
2071 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
2072 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
2073 </td></tr>
2074 </table></body>
2075 </html>
2076
2077 diff --git a/html/toolchain-upgrade-guide.html b/html/toolchain-upgrade-guide.html
2078 index ad0e75b..1eb72de 100644
2079 --- a/html/toolchain-upgrade-guide.html
2080 +++ b/html/toolchain-upgrade-guide.html
2081 @@ -242,7 +242,9 @@ Technical Description of the Gentoo Hardened Toolchain</a></li>
2082 <!--
2083 <rdf:RDF xmlns="http://web.resource.org/cc/"
2084 xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
2085 - <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
2086 +
2087 + <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
2088 +
2089 <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
2090 <permits rdf:resource="http://web.resource.org/cc/Distribution" />
2091 <requires rdf:resource="http://web.resource.org/cc/Notice" />
2092 @@ -255,7 +257,7 @@ Technical Description of the Gentoo Hardened Toolchain</a></li>
2093 </td>
2094 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
2095 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="toolchain-upgrade-guide.xml?style=printable">Print</a></p></td></tr>
2096 -<tr><td class="topsep" align="center"><p class="alttext">Updated February 22, 2007</p></td></tr>
2097 +<tr><td class="topsep" align="center"><p class="alttext">Page updated February 22, 2007</p></td></tr>
2098 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
2099 Guide for upgrading from hardened gcc-3/glibc-2.3/binutils-2.16 to gcc-4/glibc-2.5/binutils-2.17.
2100 </p></td></tr>
2101 @@ -273,7 +275,7 @@ Guide for upgrading from hardened gcc-3/glibc-2.3/binutils-2.16 to gcc-4/glibc-2
2102 </table></td>
2103 </tr></table></td></tr>
2104 <tr><td colspan="2" align="right" class="infohead">
2105 -Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
2106 +Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
2107 </td></tr>
2108 </table></body>
2109 </html>