Hi guys,
1) I've opened up a tracker bug for switching to the new style profiles
for selinux:
http://bugs.gentoo.org/show_bug.cgi?id=365483
2) I've done some preliminary testing and it looks like they not only
work, but solve the amd64/nomultilib problem. I built such a system
with no problems.
3) The next step will be to add them to the tree side-by-side with the
existing selinux profiles. We can do this early, even within a week or
so since it will not break anything and will expose the new profile
structure to others for testing. I'll wait to hear back from the other
selinuxers before acting on this.
If anyone wants to test before they get to the tree, do the following:
git clone git://git.overlays.gentoo.org/proj/hardened-dev.git
cd hardened-dev/
git branch profiles-selinux
git checkout profiles-selinux
git pull origin profiles-selinux
sudo mount --bind profiles/ /usr/portage/profiles/
sudo eselect profile list
You should now see:
Available profile symlink targets:
[1] default/linux/amd64/10.0
[2] default/linux/amd64/10.0/desktop
[3] default/linux/amd64/10.0/desktop/gnome
[4] default/linux/amd64/10.0/desktop/kde
[5] default/linux/amd64/10.0/developer
[6] default/linux/amd64/10.0/no-multilib
[7] default/linux/amd64/10.0/server
[8] hardened/linux/amd64 *
[9] hardened/linux/amd64/selinux
[10] hardened/linux/amd64/no-multilib
[11] hardened/linux/amd64/no-multilib/selinux
sudo eselect profile set 9
or if you're using a no-multilib, try 11
emerge -uvpDN world
See what breaks/un-breaks. Report to the bug.
4) Long term. If we're happy, we deprecate the old profiles. This
includes sending out a news item explaining scheduling/procedure for
switch over etc etc.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
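The test steps above hard-code "9" and "11" for the selinux profiles, but those numbers shift as soon as the new profiles are added side-by-side with the existing ones. As an added example (not part of the original mail), this script picks the profile number from the `eselect profile list` output by name instead; the embedded list is a constructed sample copied from the mail, and `profile_index`/`selinux_profile_name` are helper names chosen here.

```shell
#!/bin/sh
# Added example: resolve an eselect profile number by its target name so the
# "eselect profile set N" step does not depend on the current numbering.

# Constructed sample of `eselect profile list` output (copied from the mail).
SAMPLE_LIST='Available profile symlink targets:
  [1]   default/linux/amd64/10.0
  [6]   default/linux/amd64/10.0/no-multilib
  [8]   hardened/linux/amd64 *
  [9]   hardened/linux/amd64/selinux
  [10]  hardened/linux/amd64/no-multilib
  [11]  hardened/linux/amd64/no-multilib/selinux'

# profile_index LIST NAME -> prints the bracketed number whose target is
# exactly NAME (the trailing "*" marking the active profile is ignored);
# exits 1 when NAME is not in the list, so a typo cannot select profile 0.
profile_index() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^[[:space:]]*\[[0-9]+\]/ {
            idx = substr($1, 2, length($1) - 2)   # "[9]" -> "9"
            if ($2 == want) { print idx; found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# selinux_profile_name FLAVOUR -> the profile the mail suggests for a
# multilib or no-multilib amd64 system.
selinux_profile_name() {
    if [ "$1" = "no-multilib" ]; then
        echo "hardened/linux/amd64/no-multilib/selinux"
    else
        echo "hardened/linux/amd64/selinux"
    fi
}

# Stand-alone usage: `./pick-profile.sh --run [no-multilib]` reads the live
# eselect output and only prints the command it would run, so it is safe to
# try without root or before the bind mount from the mail is in place.
if [ "${1:-}" = "--run" ]; then
    live=$(eselect profile list)
    n=$(profile_index "$live" "$(selinux_profile_name "${2:-multilib}")") || {
        echo "selinux profile not found in eselect list" >&2; exit 1; }
    echo "would run: sudo eselect profile set $n"
fi
```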