Re: [gentoo-hardened] policy doesn't exist? - gentoo-hardened

From:	Caleb Cushing <xenoterracide@×××××.com>
To:	gentoo-hardened@l.g.o
Subject:	Re: [gentoo-hardened] policy doesn't exist?
Date:	Sun, 18 Mar 2007 17:15:40
Message-Id:	`81bfc67a0703181013p431d61cfj6d4f71e3037c4a13@mail.gmail.com`
In Reply to:	Re: [gentoo-hardened] policy doesn't exist? by Chris PeBenito

1

exact syntax of what if anything I have to do to choose/run/enable a policy.

2

(e.g. if I want to use the strict policy what do I have to do?)

3

4

since this isn't a hardened install would it be possible to get the

5

reference policy working?

6

7

On 3/18/07, Chris PeBenito <pebenito@g.o> wrote:

8

>

9

> On Sun, 2007-03-18 at 09:42 -0400, Caleb Cushing wrote:

10

> > so what the fastest way to get this running?  I'm not fully

11

> > understanding the directions in that.

12

>

13

> What parts are not clear?

14

>

15

> > On 3/18/07, Jae Kim <chcjswo@×××××××.au> wrote:

16

> >         hmm i thought this only applies to 2006.1 profile and hardened

17

> >         users

18

> >         have to stick with old method..

19

> >

20

> >         correct me of i'm wrong

21

> >

22

> >         Mike Edenfield wrote:

23

> >         > Caleb Cushing wrote:

24

> >         >> /etc/security/selinux/src/policy

25

> >         >>

26

> >         >> policy doesn't exist in 2006.1 profile? hmm... I have a

27

> >         populated

28

> >         >> directory on my other selinux box but there isn't one on

29

> >         this box.

30

> >         >> not sure why. the only thing I can think of is that I

31

> >         started that

32

> >         >> box on a 2005.1 profile.... because I don't recall

33

> >         downloading a

34

> >         >> policy... do I need to download or write my own? or is

35

> >         there a faster

36

> >         >> way?

37

> >         >

38

> >         > If you read the update SELinux HOWTO it will explain all of

39

> >         this (I

40

> >         > just upgraded this weekend and it took me a minute, too.)

41

> >         >

42

> >         > The policy source isn't install on your system anymore, only

43

> >         the

44

> >         > compiled policies.  You don't need to 'make' the policy

45

> >         anymore.  You

46

> >         > use the new SELinux tools like rlpkg and semodule to load

47

> >         modules into

48

> >         > the running system.

49

> >         >

50

> >

51

> >         --

52

> >         gentoo-hardened@g.o mailing list

53

> >

54

>

55

> --

56

> Chris PeBenito

57

> <pebenito@g.o>

58

> Developer,

59

> Hardened Gentoo Linux

60

>

61

> Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243

62

> Key fingerprint = B0E6 877A 883F A57A 8E6A  CB00 BC8E E42D E6AF 9243

63

>

64

>

1	exact syntax of what if anything I have to do to choose/run/enable a policy.
2	(e.g. if I want to use the strict policy what do I have to do?)
3
4	since this isn't a hardened install would it be possible to get the
5	reference policy working?
6
7	On 3/18/07, Chris PeBenito <pebenito@g.o> wrote:
8	>
9	> On Sun, 2007-03-18 at 09:42 -0400, Caleb Cushing wrote:
10	> > so what the fastest way to get this running? I'm not fully
11	> > understanding the directions in that.
12	>
13	> What parts are not clear?
14	>
15	> > On 3/18/07, Jae Kim <chcjswo@×××××××.au> wrote:
16	> > hmm i thought this only applies to 2006.1 profile and hardened
17	> > users
18	> > have to stick with old method..
19	> >
20	> > correct me of i'm wrong
21	> >
22	> > Mike Edenfield wrote:
23	> > > Caleb Cushing wrote:
24	> > >> /etc/security/selinux/src/policy
25	> > >>
26	> > >> policy doesn't exist in 2006.1 profile? hmm... I have a
27	> > populated
28	> > >> directory on my other selinux box but there isn't one on
29	> > this box.
30	> > >> not sure why. the only thing I can think of is that I
31	> > started that
32	> > >> box on a 2005.1 profile.... because I don't recall
33	> > downloading a
34	> > >> policy... do I need to download or write my own? or is
35	> > there a faster
36	> > >> way?
37	> > >
38	> > > If you read the update SELinux HOWTO it will explain all of
39	> > this (I
40	> > > just upgraded this weekend and it took me a minute, too.)
41	> > >
42	> > > The policy source isn't install on your system anymore, only
43	> > the
44	> > > compiled policies. You don't need to 'make' the policy
45	> > anymore. You
46	> > > use the new SELinux tools like rlpkg and semodule to load
47	> > modules into
48	> > > the running system.
49	> > >
50	> >
51	> > --
52	> > gentoo-hardened@g.o mailing list
53	> >
54	>
55	> --
56	> Chris PeBenito
57	> <pebenito@g.o>
58	> Developer,
59	> Hardened Gentoo Linux
60	>
61	> Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
62	> Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
63	>
64	>

Gentoo Archives: gentoo-hardened