Gentoo Archives: gentoo-dev

From: "Anthony G. Basile" <basile@××××××××××××××.edu>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Adding a new selinux profile to default/linux/{amd64,x86}/10.0
Date: Thu, 08 Dec 2011 00:19:02
Message-Id: 4EE001D0.4030007@opensource.dyc.edu
In Reply to: Re: [gentoo-dev] Adding a new selinux profile to default/linux/{amd64,x86}/10.0 by Mike Frysinger
On 12/07/2011 01:44 PM, Mike Frysinger wrote:
> On Wednesday 07 December 2011 09:07:41 Anthony G. Basile wrote:
>> Some time ago the selinux team restructured the selinux profiles and
>> made a features/selinux which could be stacked on the hardened profiles
>> for x86/amd64. At that time I also tested and found that it stacked
>> fine on default/linux/{amd64,x86}/10.0. I'm emailing the list to see if
>> there's any reason why we shouldn't add
>> default/linux/{amd64,x86}/10.0/selinux. Currently I prefer adding it
>> directly to 10.0 rather than 10.0/server because the status of the latter
>> is uncertain. Selinux on the desktops is not being strongly supported
>> so it's not appropriate there either, leaving only 10.0/selinux. If
>> added, eselect profile list would show
>>
>> [1] default/linux/amd64/10.0
>> [2] default/linux/amd64/10.0/selinux
>> [3] default/linux/amd64/10.0/desktop
>> [4] default/linux/amd64/10.0/desktop/gnome
>> [5] default/linux/amd64/10.0/desktop/kde
>> [6] default/linux/amd64/10.0/developer
>> [7] default/linux/amd64/10.0/no-multilib
>> [8] default/linux/amd64/10.0/server
>> [9] hardened/linux/amd64 *
>> [10] hardened/linux/amd64/selinux
>> [11] hardened/linux/amd64/no-multilib
>> [12] hardened/linux/amd64/no-multilib/selinux
>
> we have the selinux/ root. is that no longer necessary ?
> -mike

We deprecated that when we moved to the features/selinux. The point was
to avoid duplication and maintain all selinux profile stuff in one
place, then just stack it on top of other profiles like we did with [10]
and [12] above. We now want to extend it to [2].

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197