Hi guys,

The hardened-dev overlay now contains the newest set of SELinux userland
utilities. I've tested them with the current (2.20110726-r13) policy set and
they seem to work well now (finally, had to add a few patches here and
there).

The sad thing is, one of the issues was that libsemanage didn't support
policies without levels properly. The SELinux development mailing list
mentioned that such policies get little test coverage as most (other)
distributions use a level-enabled policy type (MCS or MLS) anyhow. In
Gentoo, we still support strict/targeted (although MCS is definitely usable
as well).

As I don't want to become the testing ground for such policies, I'll see to
it that MCS becomes our default policy type as well, and that a (simple)
upgrade procedure is available for those still at strict or targeted.

It will also mean the docs will see some updates, and we'll need to add
selinux-unconfined as well as an (optionally installable) module.

Wkr,
Sven Vermeulen