Gentoo Archives: gentoo-commits

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/selinux/
Date: Tue, 03 May 2011 20:12:18
Message-Id: 37823f895ec2add96e802cedcf0d13d909bfa08e.SwifT@gentoo
1 commit: 37823f895ec2add96e802cedcf0d13d909bfa08e
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Tue May 3 20:09:22 2011 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Tue May 3 20:09:22 2011 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=37823f89
7
8 Add information on ubac USE flag as well as other SELinux-related USE flags
9
10 ---
11 xml/selinux/hb-intro-concepts.xml | 9 ++++-
12 xml/selinux/hb-using-install.xml | 56 +++++++++++++++++++++++++++++++++++-
13 2 files changed, 61 insertions(+), 4 deletions(-)
14
15 diff --git a/xml/selinux/hb-intro-concepts.xml b/xml/selinux/hb-intro-concepts.xml
16 index f1cbc71..4a3ea90 100644
17 --- a/xml/selinux/hb-intro-concepts.xml
18 +++ b/xml/selinux/hb-intro-concepts.xml
19 @@ -7,8 +7,8 @@
20 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-install.xml,v 1.5 2010/06/25 16:07:19 pebenito Exp $ -->
21
22 <sections>
23 -<version>3</version>
24 -<date>2011-04-15</date>
25 +<version>4</version>
26 +<date>2011-05-03</date>
27
28 <section>
29 <title>Introduction</title>
30 @@ -510,6 +510,11 @@ which has write access to the domain of the file, but can still not write to the
31 file because the SELinux users' differ.
32 </p>
33
34 +<p>
35 +At this moment, Gentoo Hardened SELinux' supports both policies with and
36 +without UBAC. This is controlled through the <c>ubac</c> USE flag.
37 +</p>
38 +
39 </body>
40 </subsection>
41 </section>
42
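Review bot: stray apostrophe in the added paragraph: "Gentoo Hardened SELinux' supports" should read "Gentoo Hardened SELinux supports", and "both policies with and without UBAC" reads more naturally as "policies both with and without UBAC". Since the context just above explains that a write is denied when the SELinux users differ, it would also help to say here which setting is the default (the table added to hb-using-install.xml in this same commit lists <c>ubac</c> as disabled), so readers of the concepts chapter know that constraint only applies once they enable the flag.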
43 diff --git a/xml/selinux/hb-using-install.xml b/xml/selinux/hb-using-install.xml
44 index 30dc495..a6a61a3 100644
45 --- a/xml/selinux/hb-using-install.xml
46 +++ b/xml/selinux/hb-using-install.xml
47 @@ -197,14 +197,66 @@ installation is completed.
48 </note>
49
50 <p>
51 +Don't update your system yet - we will need to install a couple of packages in a
52 +particular order which Portage isn't aware of in the next couple of sections.
53 +</p>
54 +
55 +</body>
56 +</subsection>
57 +<subsection>
58 +<title>Update make.conf</title>
59 +<body>
60 +
61 +<p>
62 Edit your <path>/etc/make.conf</path> file and set
63 <c>FEATURES="-loadpolicy"</c>. The current SELinux profile enables the
64 loadpolicy feature, but this isn't supported anymore so can be safely ignored.
65 </p>
66
67 <p>
68 -Don't update your system yet - we will need to install a couple of packages in a
69 -particular order which Portage isn't aware of in the next couple of sections.
70 +Next, take a look at the following USE flags and decide if you want to enable
71 +or disable them.
72 +</p>
73 +
74 +<table>
75 +<tr>
76 + <th>USE flag</th>
77 + <th>Default Value</th>
78 + <th>Description</th>
79 +</tr>
80 +<tr>
81 + <ti>peer_perms</ti>
82 + <ti>Enabled</ti>
83 + <ti>
84 + The peer_perms capability controls the SELinux policy network peer controls.
85 + If set, the access control mechanisms that SELinux uses for network based
86 + labelling are consolidated. This setting is recommended as the policy is
87 + also updated to reflect this. If not set, the old mechanisms (NetLabel and
88 + Labeled IPsec) are used side by side.
89 + </ti>
90 +</tr>
91 +<tr>
92 + <ti>open_perms</ti>
93 + <ti>Disabled</ti>
94 + <ti>
95 + The open_perms capability enables the SELinux permission "open" for files
96 + and file-related classes.
97 + </ti>
98 +</tr>
99 +<tr>
100 + <ti>ubac</ti>
101 + <ti>Disabled</ti>
102 + <ti>
103 + When enabled, the SELinux policy is built with user-based access control
104 + enabled. This is optional as it introduces constraints that might be
105 + difficult to notice at first when you hit them.
106 + </ti>
107 +</tr>
108 +</table>
109 +
110 +<p>
111 +Make your choice and update the <c>USE</c> variable in
112 +<path>/etc/make.conf</path>.
113 </p>
114
115 </body>
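Review bot: the open_perms row gives no recommendation, unlike the peer_perms row, yet the paragraph above asks readers to "decide if you want to enable or disable them"; add a sentence stating whether enabling it is recommended and what changes for existing policy once the "open" permission is checked. The ubac row says the flag "introduces constraints that might be difficult to notice at first when you hit them" without naming them; point to the UBAC subsection of the concepts chapter (extended in the other file of this commit) and state the visible effect, namely that access to a file is denied when the SELinux users of the domain and the file differ, even if the domain's type would otherwise allow it. Minor: "labelling" and "Labeled IPsec" in the same peer_perms cell mix spellings, and the closing "Make your choice and update the <c>USE</c> variable" paragraph could show a sample line, the way <c>FEATURES="-loadpolicy"</c> is shown above.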