1 |
I'm attempting to convert my laptop to SELinux using the conversion guide, |
2 |
and I've run into a few snags with documentation. I've consulted the |
3 |
troubleshooting page, archives and forums, and now am reaching out directly. |
4 |
|
5 |
1) When I get to the world update ('emerge -uDN world'), every package |
6 |
fails at install with 'Failed to set SELinux security labels.' Don't I |
7 |
also need 'FEATURES="-selinux"' for that step (like the preceding step)? |
8 |
|
9 |
2) The conversion guide states 'We recommend to use PaX as well'. Would it |
10 |
be accurate (and maybe helpful) to append 'but installing without PaX can |
11 |
be accomplished with USE=-pax_kernel in make.conf'? I configured this |
12 |
change because I don't want to learn PaX today but all hardened profiles |
13 |
include USE=pax_kernel in make.defaults, making PaX more of a requirement |
14 |
than a recommendation. I assume that allowing USE=pax_kernel on a non-PaX |
15 |
kernel (I'm building the kernel from gentoo-sources not hardened-sources) |
16 |
is invalid. |
17 |
|
18 |
3) The conversion guide states 'switch the Gentoo profile to the right |
19 |
SELinux profile' but then immediately shows an example which selects '[11] |
20 |
hardened/linux/amd64/no-multilib *', a non-SELinux profile. Shouldn't |
21 |
item [10] or [12] be selected? |
22 |
|
23 |
I have a feeling these are all documentation bugs but as a hardened-n00b, I |
24 |
don't know what I don't know. |
25 |
|
26 |
Thanks all, especially devs, for all the hard work into making Gentoo great. |
27 |
|
28 |
Erik |