| 1 |
Hi lads, |
| 2 |
|
| 3 |
I've pushed a few changes to the hardened-dev.git overlay, ready for your |
| 4 |
mass inspection and testing. The changes include: |
| 5 |
|
| 6 |
- sec-policy/selinux-base-policy-2.20101213-r18 |
| 7 |
* Allow portage (using gentoo_portage_allow_nfs boolean) to work with |
| 8 |
NFS-mounted file systems |
| 9 |
* Fix a few openrc issues, including gcc-config support |
| 10 |
* Allow firefox plugins to work again |
| 11 |
* Fix support for syslog & postgresql init scripts |
| 12 |
* Allow mount to use the context= option for most types (not only file |
| 13 |
system types) |
| 14 |
|
| 15 |
- sec-policy/selinux-mozilla-2.20101213-r3 |
| 16 |
* Support proxies and tor |
| 17 |
|
| 18 |
- sec-policy/selinux-rpc-2.20101213-r1 |
| 19 |
* Allow rpcd_t to listen to udp_socket (needed for NFS to work) |
| 20 |
|
| 21 |
- sys-apps/policycoreutils-2.0.82-r2 |
| 22 |
* Support for Python 3 |
| 23 |
|
| 24 |
- sys-libs/libsemanage-2.0.45-r1 |
| 25 |
* Support for Python 3 |
| 26 |
|
| 27 |
Beware about the policycoreutils: it has a file in files/ that needs to be |
| 28 |
placed on a correct location. If you want to try it out, copy it to your |
| 29 |
distfiles. I couldn't just use FILESDIR since there were more than a few |
| 30 |
changes needed in the ebuild. Right now, if yo don't copy it to your |
| 31 |
distfiles, it'll give a fetch failure (it'll search on the distfiles). |
| 32 |
Perhaps blueness wants to put the change in dev.g.o somewhere and adjust the |
| 33 |
ebuild in the overlay? |
| 34 |
|
| 35 |
Anyhow, these items fix the following bugs: |
| 36 |
- #373673 portage fails to emerge with /usr portage on nfs with selinux |
| 37 |
- #369089 sys-libs/libsemanage-2.0.45 fails to emerge |
| 38 |
- #371425 postgresql-9.0 init script not SELinux-compatible with current |
| 39 |
policies |
| 40 |
|
| 41 |
I did try to get libselinux to support python 3 too, but failed miserably on |
| 42 |
that. Even the patch that fedora uses to support python 3 doesn't work here |
| 43 |
(various python scripts, including the _selinux.py from Portage, do not seem |
| 44 |
to be happy with the string -> bytes or string -> unicode or ... changes |
| 45 |
that occur). I might take another stab at this in the future, but for now |
| 46 |
I've had about it :-( |
| 47 |
|
| 48 |
Wkr, |
| 49 |
Sven Vermeulen |
Archives