| 1 |
On 22/05/28 10:28PM, Andreas K. Huettel wrote: |
| 2 |
> Hi all, |
| 3 |
> |
| 4 |
> it's time for introducing 22.0 profiles [1] - so if you have any things that need to |
| 5 |
> be switched in an incompatible way tree-wide, or if you have any suggestions on how |
| 6 |
> to change our default settings, please reply to this mail with details! |
| 7 |
> |
| 8 |
|
| 9 |
The currently existing systemd/selinux profiles need to be replaced with |
| 10 |
systemd/hardened and systemd/hardened/selinux profiles. So, instead of |
| 11 |
(for example): |
| 12 |
|
| 13 |
default/linux/amd64/20.0/no-multilib/systemd/selinux |
| 14 |
default/linux/amd64/20.0/systemd/selinux |
| 15 |
|
| 16 |
We would instead have: |
| 17 |
|
| 18 |
default/linux/amd64/20.0/no-multilib/systemd/hardened/selinux |
| 19 |
default/linux/amd64/20.0/no-multilib/systemd/hardened |
| 20 |
default/linux/amd64/20.0/systemd/hardened |
| 21 |
default/linux/amd64/20.0/systemd/hardened/selinux |
| 22 |
|
| 23 |
The takeaway is that the systemd/selinux profiles should have hardened |
| 24 |
as a parent for consistency with the other SELinux profiles. |
| 25 |
|
| 26 |
/* Kenton Groombridge */ |
Archives