On 04/27/2011 03:46 PM, Sven Vermeulen wrote:
> Hi guys 'n gals,
>
>
> When a good "features/selinux" profile is created, we can then create
> hardened/linux/amd64/selinux
> hardened/linux/amd64/no-multilib/selinux
> hardened/linux/x86/selinux
> ...
> profiles in which only a single file exists, namely "parent", with the
> contents of
> ../
> ../../../../features/selinux
>

Hi Sven and all,

I got this structure set up on the hardened-dev overlay in branch
profiles-selinux. To use it, just mount --bind the overlay profile over
$PORTDIR/profiles.

Here's the stacking so far -- the reinheritance of base for amd64 is a
problem which I'll fix.

~ # eselect profile list
Available profile symlink targets:
  [1]   default/linux/amd64/10.0
  [2]   default/linux/amd64/10.0/desktop
  [3]   default/linux/amd64/10.0/desktop/gnome
  [4]   default/linux/amd64/10.0/desktop/kde
  [5]   default/linux/amd64/10.0/developer
  [6]   default/linux/amd64/10.0/no-multilib
  [7]   default/linux/amd64/10.0/server
  [8]   hardened/linux/amd64
  [9]   hardened/linux/amd64/selinux *
  [10]  hardened/linux/amd64/no-multilib
  [11]  hardened/linux/amd64/no-multilib/selinux

~ # ./check_profiles_stack.py
/usr/portage/profiles/base
/usr/portage/profiles/default/linux
/usr/portage/profiles/arch/base
/usr/portage/profiles/features/multilib
/usr/portage/profiles/features/multilib/lib32
/usr/portage/profiles/arch/amd64
/usr/portage/profiles/releases
/usr/portage/profiles/releases/10.0
/usr/portage/profiles/hardened/linux
/usr/portage/profiles/hardened/linux/amd64
/usr/portage/profiles/base
/usr/portage/profiles/features/selinux
/usr/portage/profiles/hardened/linux/amd64/selinux

~ # eselect profile set hardened/linux/amd64/no-multilib/selinux
~ # ./check_profiles_stack.py
/usr/portage/profiles/base
/usr/portage/profiles/default/linux
/usr/portage/profiles/arch/base
/usr/portage/profiles/features/multilib
/usr/portage/profiles/features/multilib/lib32
/usr/portage/profiles/arch/amd64
/usr/portage/profiles/releases
/usr/portage/profiles/releases/10.0
/usr/portage/profiles/hardened/linux
/usr/portage/profiles/hardened/linux/amd64
/usr/portage/profiles/features/64bit-native
/usr/portage/profiles/hardened/linux/amd64/no-multilib
/usr/portage/profiles/base
/usr/portage/profiles/features/selinux
/usr/portage/profiles/hardened/linux/amd64/no-multilib/selinux

yellowness ~ # ARCH="x86" eselect profile set hardened/linux/x86/selinux
yellowness ~ # ./check_profiles_stack.py
/usr/portage/profiles/base
/usr/portage/profiles/default/linux
/usr/portage/profiles/arch/base
/usr/portage/profiles/arch/x86
/usr/portage/profiles/releases
/usr/portage/profiles/releases/10.0
/usr/portage/profiles/hardened/linux
/usr/portage/profiles/hardened/linux/x86
/usr/portage/profiles/features
/usr/portage/profiles/hardened/linux/x86/selinux

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : [email protected]
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
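
Added example, not part of the original message and not the check_profiles_stack.py used above (its source is not shown in the thread): a sketch that walks "parent" files parents-first and reports any profile directory that enters the stack more than once, which is the "reinheritance of base" visible in the amd64 output. The miniature tree and the parent contents of features/selinux and hardened/linux/amd64 are constructed assumptions; only the two-line selinux parent follows the message.

```python
import os
import tempfile
from collections import Counter

def resolve_stack(profile_dir):
    """Return the stack for profile_dir: each parent's stack first, then itself."""
    profile_dir = os.path.realpath(profile_dir)
    stack = []
    parent_file = os.path.join(profile_dir, "parent")
    if os.path.isfile(parent_file):
        with open(parent_file) as fh:
            for line in fh:
                line = line.strip()
                if line and not line.startswith("#"):
                    # Parent entries are relative to the directory holding "parent".
                    stack.extend(resolve_stack(os.path.join(profile_dir, line)))
    stack.append(profile_dir)
    return stack

def reinherited(stack):
    """Profiles that appear more than once, in first-seen order."""
    counts = Counter(stack)
    return [p for p in dict.fromkeys(stack) if counts[p] > 1]

def build_sample_tree(root):
    """Constructed miniature profile tree (not the real Gentoo tree)."""
    layout = {
        "base": "",
        "hardened/linux/amd64": "../../../base\n",        # assumed contents
        "features/selinux": "../../base\n",               # assumed contents
        "hardened/linux/amd64/selinux": "..\n../../../../features/selinux\n",
    }
    for rel, parent in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(path, exist_ok=True)
        if parent:
            with open(os.path.join(path, "parent"), "w") as fh:
                fh.write(parent)

def demo():
    """Resolve the sample selinux profile; return (stack, duplicates) as relative paths."""
    with tempfile.TemporaryDirectory() as root:
        root = os.path.realpath(root)
        build_sample_tree(root)
        stack = resolve_stack(os.path.join(root, "hardened/linux/amd64/selinux"))
        rel = [os.path.relpath(p, root) for p in stack]
        dups = [os.path.relpath(p, root) for p in reinherited(stack)]
        return rel, dups

if __name__ == "__main__":
    print(demo())
```

The sketch does not guard against a parent loop; a tree with a cyclic "parent" chain would recurse until Python's recursion limit.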
