| 1 |
Hi guys, |
| 2 |
|
| 3 |
I've pushed out live ebuilds for the SELinux policies to the hardened-dev |
| 4 |
overlay. They will pull the policies from the git repository that I develop |
| 5 |
the policies in [1]. This allows some users to get the most recent changes |
| 6 |
if they can't wait for the ebuilds themselves. |
| 7 |
|
| 8 |
Note however that, if you use this, you will need to update your policies |
| 9 |
using the following command: |
| 10 |
|
| 11 |
~# emerge selinux-base selinux-base-policy; emerge $(qlist -IC sec-policy) |
| 12 |
|
| 13 |
This because the dependencies for the modules are always resolved (they all |
| 14 |
refer to -9999 which is then always satisfied) so we need to pull them in |
| 15 |
explicitly. We first install the base ones (to make sure the interfaces are |
| 16 |
properly stored on the file system and the core modules are loaded) and then |
| 17 |
all installed modules (this will pull the base/base-policy in again but that |
| 18 |
shouldn't hurt). |
| 19 |
|
| 20 |
The overlay also contains an update for the eclass to support live ebuilds |
| 21 |
for the SELinux policy modules, but it looks like overlays automatically |
| 22 |
take precendence for eclasses as well. |
| 23 |
|
| 24 |
Wkr, |
| 25 |
Sven Vermeulen |
| 26 |
|
| 27 |
[1] http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=summary |
Archives