Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-hardened

From: Chris PeBenito <pebenito@g.o>
To: Hardened Gentoo Mail List <gentoo-hardened@g.o>
Cc: gentoo-security@g.o, Martin Schlemmer <azarah@g.o>
Subject: Re: [gentoo-hardened] ANNOUNCE: New SELinux API
Date: Wed, 29 Oct 2003 06:59:46
Message-Id: 1067410784.5078.42.camel@chris.pebenito.net
In Reply to: [gentoo-hardened] ANNOUNCE: New SELinux API by Chris PeBenito
1 On Tue, 2003-10-21 at 08:43, Chris PeBenito wrote:
2 > Announcing the new SELinux API
3
4 The transition to the new API has been completed. All of the old API
5 patches, policy, and other stuff has been removed, and the new patches
6 are in. I checked, and they should be on the mirrors.
7
8 Thanks to the people that helped test.
9
10 A few notes:
11
12 * Make sure you have the newest portage, as there is a fix for a
13 sandbox violation in 2.0.49-r15.
14
15 * Strict manifest checking for portage and secure filesystem
16 permissions have been enabled in the profile (FEATURES="strict
17 sfperms"). This is a hardened profile after all. :)
18
19 * Method worked hard on the new python-selinux. We've done a bunch of
20 testing on it, and it should work better than the old one. The new API
21 is simpler than the old one, which made things easier.
22
23 * The upcoming hardened-sources-2.4.22 will have the new API.
24 Hopefully that will be available soon.
25
26 * The ...security directories, which are located at the root of each
27 filesystem, can be removed. The old API used this directory to store the
28 file labels. The new API stores file labels in extended attributes, thus
29 ...security is no longer used.
30
31 * The few daemon policies will be updated in the next couple days.
32
33 * app-admin/setools has a new version that has tools to work on the new
34 API. Portage will show it as a downgrade, because upstream they changed
35 the versioning scheme. Setools requires X, but not SELinux, so you can
36 use it on a regular workstation, to edit or analyze your policy.
37
38
39 --
40 Chris PeBenito
41 <pebenito@g.o>
42 Developer, SELinux
43 Hardened Gentoo Linux
44
45 Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
46 Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-hardened] ANNOUNCE: New SELinux API Mike Williams <mike@××××××××.uk>
Report Message
Find on MARC Find on Google Groups