Hi guys,

I've pushed out live ebuilds for the SELinux policies to the hardened-dev
overlay. They will pull the policies from the git repository that I develop
the policies in [1]. This allows some users to get the most recent changes
if they can't wait for the ebuilds themselves.

Note however that, if you use this, you will need to update your policies
using the following command:

~# emerge selinux-base selinux-base-policy; emerge $(qlist -IC sec-policy)

This is because the dependencies for the modules are always resolved (they all
refer to -9999 which is then always satisfied) so we need to pull them in
explicitly. We first install the base ones (to make sure the interfaces are
properly stored on the file system and the core modules are loaded) and then
all installed modules (this will pull the base/base-policy in again but that
shouldn't hurt).

The overlay also contains an update for the eclass to support live ebuilds
for the SELinux policy modules, but it looks like overlays automatically
take precedence for eclasses as well.

Wkr,
Sven Vermeulen

[1] http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=summary