| 1 |
On 10/22/2013 01:09 PM, Rick "Zero_Chaos" Farina wrote: |
| 2 |
> |
| 3 |
> 4.0 Selinux |
| 4 |
> 5.0 System Integrity |
| 5 |
> 6.0 Profile |
| 6 |
> I'd like to specifically discuss bringing back the desktop profile by |
| 7 |
> user request. |
| 8 |
> |
| 9 |
> |
| 10 |
The old desktop/server/developer profiles were removed for a good |
| 11 |
reason. They cannot stack properly given their directory location and |
| 12 |
conflicting inheritance requirements. We cannot bring them back as they |
| 13 |
were else we will re-introduce the ancient multilib vs non-mutlilib |
| 14 |
selinux issue in one manifestation or another. |
| 15 |
|
| 16 |
Nonetheless, I think a desktop profile for hardened is possible along |
| 17 |
the lines of what was done for selinux, ie put it in features. Only if |
| 18 |
the desktop profile lands at the very bottom of the profile stack will |
| 19 |
this work. Alternatively, you can duplicate the desktop profile from |
| 20 |
default/linux in hardened/linux and do a simple inheritance from its |
| 21 |
parent. This "duplication" would really not be much of a duplication |
| 22 |
because there's probably stuff you want to tweak for your own purposes. |
| 23 |
|
| 24 |
I was going to remove those deprecated directories today, but I can hold |
| 25 |
off. To be clear, I'm not against a hardened desktop profile, just not |
| 26 |
the implementation we had which was broken. |
| 27 |
|
| 28 |
-- |
| 29 |
Anthony G. Basile, Ph.D. |
| 30 |
Gentoo Linux Developer [Hardened] |
| 31 |
E-Mail : blueness@g.o |
| 32 |
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA |
| 33 |
GnuPG ID : F52D4BBA |
Archives