Hi Sven,

Did you identify what the weirdness was? I'd like to eventually clean
up the profiles. Rather than

[1] default/linux/amd64/10.0
[2] default/linux/amd64/10.0/desktop
[3] default/linux/amd64/10.0/desktop/gnome
[4] default/linux/amd64/10.0/desktop/kde
[5] default/linux/amd64/10.0/developer
[6] default/linux/amd64/10.0/no-multilib
[7] default/linux/amd64/10.0/server
[8] hardened/linux/amd64
[9] hardened/linux/amd64/no-multilib
[10] selinux/2007.0/amd64
[11] selinux/2007.0/amd64/hardened
[12] selinux/v2refpolicy/amd64
[13] selinux/v2refpolicy/amd64/desktop
[14] selinux/v2refpolicy/amd64/developer
[15] selinux/v2refpolicy/amd64/hardened *
[16] selinux/v2refpolicy/amd64/server

I'd like the selinux to conform to the hardened/linux/amd64, i.e. change
10-16 to just

selinux/v2refpolicy/amd64
selinux/v2refpolicy/amd64/no-multilib

The /desktop /developer /server would not be deprecated, but present
silently as they are for hardened/linux/amd64.

On 03/18/2011 02:12 AM, Sven Vermeulen wrote:
> Hi all,
>
> I had no issues turning a no-multilib (hardened/linux/amd64/no-multilib)
> system into a SELinux enabled one. I did not however change profiles, as the
> feedback I've received earlier indicates that the profiles might have
> some... weird things happening ;-)
>
> So I just made local overrides in /etc/portage/profile:
>
> - make.defaults
>     USE="selinux -acl"
>     FEATURES="selinux sesandbox sfperms"
>     PORTAGE_T="portage_t"
>     PORTAGE_FETCH_T="portage_fetch_t"
>     PORTAGE_SANDBOX_T="portage_sandbox_t"
> - package.mask
>     * Unmask sec-policy/*
>     * Mask sec-policy/selinux-*-3 and higher (to force the use of the
>       2.20101213 ones)
>     * Unmask setools, sepolgen, checkpolicy, libselinux, libsemanage,
>       policycoreutils
> - package.use.force
>     sys-apps/portage python2
> - package.use.mask
>     sys-apps/portage python3
> - profile.bashrc
>     SANDBOX_WRITE="${SANDBOXWRITE}:/selinux/"
>     SANDBOX_WRITE="${SANDBOXWRITE}:/proc/self/"
> - use.force
>     selinux
> - use.mask
>     -hardened
>     -selinux
>     emul-linux-x86
>     multilib
>     x264
>     tcc
>
> Runs in enforcing mode (strict policy), gcc -v shows "--disable-multilib".
>
> Wkr,
> Sven Vermeulen

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197