| 1 |
Hi Sven, |
| 2 |
|
| 3 |
Did you identify what the wierdness was. I'd like to eventually clean |
| 4 |
up the profiles. Rather than |
| 5 |
|
| 6 |
[1] default/linux/amd64/10.0 |
| 7 |
[2] default/linux/amd64/10.0/desktop |
| 8 |
[3] default/linux/amd64/10.0/desktop/gnome |
| 9 |
[4] default/linux/amd64/10.0/desktop/kde |
| 10 |
[5] default/linux/amd64/10.0/developer |
| 11 |
[6] default/linux/amd64/10.0/no-multilib |
| 12 |
[7] default/linux/amd64/10.0/server |
| 13 |
[8] hardened/linux/amd64 |
| 14 |
[9] hardened/linux/amd64/no-multilib |
| 15 |
[10] selinux/2007.0/amd64 |
| 16 |
[11] selinux/2007.0/amd64/hardened |
| 17 |
[12] selinux/v2refpolicy/amd64 |
| 18 |
[13] selinux/v2refpolicy/amd64/desktop |
| 19 |
[14] selinux/v2refpolicy/amd64/developer |
| 20 |
[15] selinux/v2refpolicy/amd64/hardened * |
| 21 |
[16] selinux/v2refpolicy/amd64/server |
| 22 |
|
| 23 |
I'd like the selinux to conform to the hardened/linux/amd64, ie change |
| 24 |
10-16 to just |
| 25 |
|
| 26 |
selinux/v2refpolicy/amd64 |
| 27 |
selinux/v2refpolicy/amd64/no-multilib |
| 28 |
|
| 29 |
The /desktop /developer /server would not be deprecated, but present |
| 30 |
silently as they are for hardened/linux/amd64. |
| 31 |
|
| 32 |
|
| 33 |
On 03/18/2011 02:12 AM, Sven Vermeulen wrote: |
| 34 |
> Hi all, |
| 35 |
> |
| 36 |
> I had no issues turing a no-multilib (hardened/linux/amd64/no-multilib) |
| 37 |
> system into a SELinux enabled one. I did not however change profiles, as the |
| 38 |
> feedback I've received earlier indicates that the profiles might have |
| 39 |
> some... weird things happening ;-) |
| 40 |
> |
| 41 |
> So I just made local overrides in /etc/portage/profile: |
| 42 |
> |
| 43 |
> - make.defaults |
| 44 |
> USE="selinux -acl" |
| 45 |
> FEATURES="selinux sesandbox sfperms" |
| 46 |
> PORTAGE_T="portage_t" |
| 47 |
> PORTAGE_FETCH_T="portage_fetch_t" |
| 48 |
> PORTAGE_SANDBOX_T="portage_sandbox_t" |
| 49 |
> - package.mask |
| 50 |
> * Unmask sec-policy/* |
| 51 |
> * Mask sec-policy/selinux-*-3 and higher (to force the use of the |
| 52 |
> 2.20101213 ones) |
| 53 |
> * Unmask setools, sepolgen, checkpolicy, libselinux, libsemanage, |
| 54 |
> policycoreutils |
| 55 |
> - package.use.force |
| 56 |
> sys-apps/portage python2 |
| 57 |
> - package.use.mask |
| 58 |
> sys-apps/portage python3 |
| 59 |
> - profile.bashrc |
| 60 |
> SANDBOX_WRITE="${SANDBOXWRITE}:/selinux/" |
| 61 |
> SANDBOX_WRITE="${SANDBOXWRITE}:/proc/self/" |
| 62 |
> - use.force |
| 63 |
> selinux |
| 64 |
> - use.mask |
| 65 |
> -hardened |
| 66 |
> -selinux |
| 67 |
> emul-linux-x86 |
| 68 |
> multilib |
| 69 |
> x264 |
| 70 |
> tcc |
| 71 |
> |
| 72 |
> Runs in enforcing mode (strict policy), gcc -v shows "--disable-multilib". |
| 73 |
> |
| 74 |
> Wkr, |
| 75 |
> Sven Vermeulen |
| 76 |
|
| 77 |
|
| 78 |
-- |
| 79 |
Anthony G. Basile, Ph. D. |
| 80 |
Chair of Information Technology |
| 81 |
D'Youville College |
| 82 |
Buffalo, NY 14201 |
| 83 |
(716) 829-8197 |
Archives