| 1 |
Hi everyone, |
| 2 |
|
| 3 |
Tomorrow I'll be adding a new selinux "feature" profile to the tree. |
| 4 |
The idea behind this is like other features, it can be stacked on top of |
| 5 |
other profiles and add a feature to that profile, in this case make it |
| 6 |
selinux aware. |
| 7 |
|
| 8 |
We've already done preliminary testing and found that it "works" for |
| 9 |
hardened/linux/amd64, hardened/linux/amd64/no-multilib, |
| 10 |
hardened/linux/x86, as well as some vanilla profiles. Works here means |
| 11 |
"not without some kinks." |
| 12 |
|
| 13 |
You'll see one or two new profiles appear. On amd64, you'll get two new |
| 14 |
profiles: |
| 15 |
|
| 16 |
hardened/linux/amd64/selinux |
| 17 |
hardened/linux/amd64/no-multilib/selinux |
| 18 |
|
| 19 |
and on x86 you'll get |
| 20 |
|
| 21 |
hardened/linux/x86/selinux |
| 22 |
|
| 23 |
As the name suggests, these will stack selinux on top of their |
| 24 |
respective hardened profile. |
| 25 |
|
| 26 |
You are free to test these, but remember they'll be marked "dev" and not |
| 27 |
"stable". Also these do NOT replace the current selinux profiles |
| 28 |
selinux/v2refpolicy/*. In time, they be obsolete them, but for the time |
| 29 |
being, the new feature profile is experimental. |
| 30 |
|
| 31 |
-- |
| 32 |
Anthony G. Basile, Ph.D. |
| 33 |
Gentoo Linux Developer [Hardened] |
| 34 |
E-Mail : blueness@g.o |
| 35 |
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535 |
| 36 |
GnuPG ID : D0455535 |
Archives