Gentoo Archives: gentoo-hardened

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] SELinux Gentoo profiles (the /usr/portage/profiles kind)
Date: Mon, 02 May 2011 13:02:44
Message-Id: 4DBE9D9F.8090904@gentoo.org
In Reply to: Re: [gentoo-hardened] SELinux Gentoo profiles (the /usr/portage/profiles kind) by "Anthony G. Basile"
Hi guys,

1) I've opened up a tracker bug for switching to the new style profiles
for selinux:

http://bugs.gentoo.org/show_bug.cgi?id=365483

2) I've done some preliminary testing and it looks like they not only
work, but solve the amd64/nomultilib problem. I built such a system
with no problems.

3) The next step will be to add them to the tree side-by-side with the
existing selinux profiles. We can do this early, even within a week or
so since it will not break anything and will expose the new profile
structure to others for testing. I'll wait to hear back from the other
selinuxers before acting on this.

If anyone wants to test before they get to the tree, do the following:

git clone git://git.overlays.gentoo.org/proj/hardened-dev.git
cd hardened-dev/
git branch profiles-selinux
git checkout profiles-selinux
git pull origin profiles-selinux
sudo mount --bind profiles/ /usr/portage/profiles/
sudo eselect profile list

You should now see

Available profile symlink targets:
[1] default/linux/amd64/10.0
[2] default/linux/amd64/10.0/desktop
[3] default/linux/amd64/10.0/desktop/gnome
[4] default/linux/amd64/10.0/desktop/kde
[5] default/linux/amd64/10.0/developer
[6] default/linux/amd64/10.0/no-multilib
[7] default/linux/amd64/10.0/server
[8] hardened/linux/amd64 *
[9] hardened/linux/amd64/selinux
[10] hardened/linux/amd64/no-multilib
[11] hardened/linux/amd64/no-multilib/selinux

sudo eselect profile set 9

or if you're using a no-multilib, try 11

emerge -uvpDN world

See what breaks/un-breaks. Report to the bug.


4) Long term. If we're happy, we deprecate the old profiles. This
includes sending out a news item explaining scheduling/procedure for
switch over etc etc.


--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness@g.o
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
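The post tells testers to pick profile 9 or 11 by number, but those positions move as soon as profiles are added to the tree, which is exactly what this change does. As an added example (not part of the post or of the hardened-dev repository), the POSIX shell script below resolves the selinux profile by name instead: it parses the `eselect profile list` output, finds the active profile from the `*` marker, derives its `.../selinux` variant (so a no-multilib system lands on `hardened/linux/amd64/no-multilib/selinux`), and only then calls `eselect profile set` with the matching index. The listing embedded in the script is copied from the post as constructed sample input so it runs offline; the `switch_to_selinux` function and the `/usr/portage/profiles` existence check assume the bind mount from the post is active and that eselect is installed.

```shell
#!/bin/sh
# Added example, not from the original post: select the selinux profile by
# name, because the [N] numbers in `eselect profile list` shift whenever
# profiles are added or removed.

# Sample listing copied from the post above (constructed input so the
# script runs offline); in real use pass `eselect profile list` output.
SAMPLE_LIST='Available profile symlink targets:
  [1]   default/linux/amd64/10.0
  [2]   default/linux/amd64/10.0/desktop
  [3]   default/linux/amd64/10.0/desktop/gnome
  [4]   default/linux/amd64/10.0/desktop/kde
  [5]   default/linux/amd64/10.0/developer
  [6]   default/linux/amd64/10.0/no-multilib
  [7]   default/linux/amd64/10.0/server
  [8]   hardened/linux/amd64 *
  [9]   hardened/linux/amd64/selinux
  [10]  hardened/linux/amd64/no-multilib
  [11]  hardened/linux/amd64/no-multilib/selinux'

# profile_index NAME [LISTING]: print the [N] index of the entry whose
# path is exactly NAME; exit 1 if absent. The trailing '*' marking the
# active profile sits in its own field and is therefore ignored.
profile_index() {
  printf '%s\n' "${2:-$SAMPLE_LIST}" | awk -v want="$1" '
    /^[[:space:]]*\[[0-9]+\]/ {
      idx = $1; gsub(/[^0-9]/, "", idx)
      if ($2 == want) { print idx; found = 1; exit }
    }
    END { exit found ? 0 : 1 }'
}

# current_profile [LISTING]: print the path of the entry marked with '*'.
current_profile() {
  printf '%s\n' "${1:-$SAMPLE_LIST}" | awk '$NF == "*" { print $2; exit }'
}

# selinux_target [LISTING]: derive the selinux variant of the active
# profile, so a no-multilib box resolves to .../no-multilib/selinux
# instead of a hard-coded 9 or 11.
selinux_target() {
  cur=$(current_profile "${1:-$SAMPLE_LIST}") || return 1
  [ -n "$cur" ] || return 1
  printf '%s/selinux\n' "$cur"
}

# switch_to_selinux: the interactive step. Assumes the bind mount from the
# post is in place and eselect is installed; refuses to act if the target
# profile directory is not visible under /usr/portage/profiles.
switch_to_selinux() {
  listing=$(eselect profile list) || return 1
  target=$(selinux_target "$listing") || return 1
  idx=$(profile_index "$target" "$listing") || {
    echo "no profile named $target in the listing" >&2; return 1; }
  [ -d "/usr/portage/profiles/$target" ] || {
    echo "/usr/portage/profiles/$target missing: is the bind mount active?" >&2
    return 1; }
  sudo eselect profile set "$idx"
}

echo "active profile: $(current_profile)"
echo "selinux target: $(selinux_target) -> index $(profile_index "$(selinux_target)")"
```

Run it as-is to see the resolution against the sample listing; on a test box, call `switch_to_selinux` after the `mount --bind` step, then continue with `emerge -uvpDN world` as the post describes.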