| 1 |
Hi guys, |
| 2 |
|
| 3 |
The hardened-dev overlay now contains the newest set of SELinux userland |
| 4 |
utilities. I've tested them with the current (2.20110726-r13) policy set and |
| 5 |
they seem to work well now (finally, had to add a few patches here and |
| 6 |
there). |
| 7 |
|
| 8 |
The sad thing is, one of the issues was that libsemanage didn't support |
| 9 |
policies without levels properly. The SELinux development mailinglist |
| 10 |
mentioned that such policies get little test coverage as most (other) |
| 11 |
distributions use a level-enabled policy type (MCS or MLS) anyhow. In |
| 12 |
Gentoo, we still support strict/targeted (although MCS is definitely usable |
| 13 |
as well). |
| 14 |
|
| 15 |
As I don't want to become the testing ground for such policies, I'll see to |
| 16 |
it that MCS becomes our default policy type as well, and that a (simple) |
| 17 |
upgrade procedure is available for those still at strict or targeted. |
| 18 |
|
| 19 |
It will also mean the docs will see some updates, and we'll need to add |
| 20 |
selinux-unconfined as well as an (optionally installable) module. |
| 21 |
|
| 22 |
Wkr, |
| 23 |
Sven Vermeulen |
Archives