On Mon, Jun 9, 2014 at 7:43 PM, Michael Orlitzky m...@gentoo.org wrote:
On 06/07/2014 08:55 PM, Anthony G. Basile wrote:
When running with a pax kernel, you must enable EMUTRAMP in your Kconfig
and you must paxmark your python exe's with E. Note: EMUTRAMP is on by
default and the ebuild
On 6 Aug 2014 12:30, Sven Vermeulen sw...@gentoo.org wrote:
Hi all
Our live sec-policy/selinux-* packages (the ones with the - version)
have been using our git repository for some time. Although users could
always override these with packagename_LIVE_REPO, it meant that they had
to
On Tue, Aug 05, 2014 at 05:48:23AM +0300, Alex Efros wrote:
Hi!
On Thu, Jun 26, 2014 at 08:57:12AM -0400, Anthony G. Basile wrote:
Thanks Alex, perfinion hit this bug and fixed it. Can you test with
install-xattr-. I don't want to push out a minor bump just for one
patch until we
On Sat, Aug 16, 2014 at 03:46:43PM -0400, Ben Pritchard wrote:
Hello all
In March, I reported some issues with SELinux contexts in /run. (I seem
to have misplaced the email -- archive at
http://article.gmane.org/gmane.linux.gentoo.hardened/6180).
It looks like Sven added the functionality
On Thu, Aug 21, 2014 at 06:13:01PM +, Sven Vermeulen wrote:
During a discussion about dependencies and SELinux labeling, I noticed that
we might want to improve how we currently handle pure policy-related
dependencies.
What we want to get at, is that the installation of a SELinux policy
On Thu, Aug 21, 2014 at 06:46:37PM +, Sven Vermeulen wrote:
On Thu, Aug 21, 2014 at 10:42:21PM +0400, Jason Zaman wrote:
Something like so (which we can do in the selinux-policy-2.eclass):
pkg_postinst() {
# Find all packages with this package in their RDEPEND
PKGSET
On Thu, Dec 18, 2014 at 08:09:01PM -0500, Anthony G. Basile wrote:
Hi fellow hardened devs:
I'm sorry for missing the meeting but things came up and the day got
hectic. It is an important meeting because we were to discuss:
1) what we want with toolchain.eclass - There is a move to get
On Fri, Feb 27, 2015 at 08:04:52PM +0200, Alex Efros wrote:
Hi!
On Fri, Feb 27, 2015 at 10:38:34AM -0600, Alex Brandt wrote:
Somewhat sarcastic but actually true. I don't recommend running
production applications inside of Gentoo based containers.
This makes sense for Gentoo, but my
On Sat, Jun 20, 2015 at 08:09:08PM +0200, Simon Maurer wrote:
Hi,
I tried to use selinux with systemd, but without much success. Looks
like the whole transitioning is broken. (Most daemons are stuck in the
init_t domain) What I don't understand is, while more and more distros
switching to
On Sun, Jul 12, 2015 at 04:46:03PM -0700, S. Lockwood-Childs wrote:
I'd appreciate feedback on a blog-style article[1] talking about
how CIL is going to improve SELinux policy maintenance, and in
particular, the last section where I try to point out how good Gentoo
is for experimenting with
On Mon, Jul 13, 2015 at 03:02:55PM +0200, Sven Vermeulen wrote:
On Mon, Jul 13, 2015 at 1:31 PM, Jason Zaman perfin...@gentoo.org wrote:
Secondly, related to poor support for preserving local changes across
system updates. The tools now have the concept of priority so users can
easy
Hi all,
Lots of people have been asking about systemd selinux policy support. It
is finally almost here! The basic support was added upstream a few days
ago and is now merged into our repo. If anyone wants to test it and let
me know how it works (or even better, send patches upstream) that'd be
On Mon, Oct 19, 2015 at 02:04:06PM +0200, Luis Ressel wrote:
> According to its documentation, portage_ro_role expects a role for $1
> and a type for $2, just like other _role interfaces. However, the policy
> directives inside the interface don't match its documentation and expect
> $1 to be a
On Thu, Oct 15, 2015 at 12:44:40PM +0200, Luis Ressel wrote:
> ---
> policy/modules/contrib/portage.if | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/policy/modules/contrib/portage.if
> b/policy/modules/contrib/portage.if
> index 640a63b..c98a763 100644
> ---
On Fri, Feb 03, 2017 at 02:54:28PM +, Robert Sharp wrote:
> Hi,
> just emerged the new setools-4.1.0 and it falls over. I do not have X on
> this machine and it seems to fail when patching to remove the gui? Here
> are the details.
I fixed it yesterday, re-emerge and it'll work now.
On Mon, Jan 30, 2017 at 10:35:18PM +, Robert Sharp wrote:
> Just when I thought I was getting near to switching on strict and all of
> a sudden my cron jobs are throwing AVCs all over.
>
>
> The gist of it is all the same, for example:
> scontext=user_u:user_r:cronjob_t
On Wed, Nov 23, 2016 at 12:58:34PM +, Robert Sharp wrote:
> Hi,
>
> just done my weekly update and I noticed the following AVCs occurred
> that suggest something missing in the portage policy?
>
> type=PROCTITLE msg=audit(1479900756.052:3548):
>
On Wed, Nov 23, 2016 at 04:59:03PM +, Robert Sharp wrote:
>
> On 23/11/16 15:58, Jason Zaman wrote:
> > Either is fine, but I'm probably just gonna stabilize the 2.6 userspace
> > in a couple weeks so that one is likely easier. and setools4 is waaay
> > better tha
On Wed, Nov 23, 2016 at 05:20:59PM +, Robert Sharp wrote:
> On 23/11/16 16:59, Robert Sharp wrote:
> >
> > On 23/11/16 15:58, Jason Zaman wrote:
> >> Either is fine, but I'm probably just gonna stabilize the 2.6 userspace
> >> in a couple weeks so that o
On Thu, Nov 24, 2016 at 09:13:35PM +, Robert Sharp wrote:
> On 24/11/16 17:07, Jason Zaman wrote:
> > That warning is harmless, I'll remove the line from the policy later.
> > for now ignore it or manually remove the line to silence the warning.
> > http://blog.perfinio
On Fri, Nov 25, 2016 at 10:16:24AM +, Robert Sharp wrote:
> Hi,
>
> I can run rkhunter as root with role sysadm_r and there are no issues,
> but when I run it from a cron job I get lots of AVCs because the source
> context is system_cronjob_t. I am using vixie-cron and running rkhunter
>
On Thu, Nov 24, 2016 at 03:29:54PM +, Robert Sharp wrote:
> On 23/11/16 17:30, Jason Zaman wrote:
> > On Wed, Nov 23, 2016 at 05:20:59PM +, Robert Sharp wrote:
> >> On 23/11/16 16:59, Robert Sharp wrote:
> >>> On 23/11/16 15:58, Jason Zaman wrote:
> >
On Sat, Nov 12, 2016 at 04:45:23PM +, Robert Sharp wrote:
> Hi there,
>
> is this the best place to raise questions about SELinux, or would I be
> better trying chat? I am making a big effort to get to enforcing strict
> on a simple server and I am struggling a little.
Here is good, there
On 9 Dec 2016 16:29, "Robert Sharp" wrote:
Just updated all my SELinux policies to 20161023-r1 as they are now stable,
which undid one little fix, so I thought I would mention it.
Sysnetwork.te does not cover the possibility that dhcpcd may run resolvconf
from the
On Thu, Dec 01, 2016 at 10:24:21AM +, Robert Sharp wrote:
> Hi,
>
>
> I've looked at the Gentoo SELinux web pages etc, the SELinux Handbook
> and through the Reference Policy and I cannot find the answer to a
> simple question.
>
> I am writing a small policy for my backup system and I
On Wed, Apr 19, 2017 at 02:12:36PM +0100, Robert Sharp wrote:
> I had a problem with Dnsmasq that led to my last post on understanding
> where policies come from. Now that I know and have had dnsmasq
> comfortably running with udp comms to unbound on port 553, I have run
> into the original
On Thu, Apr 13, 2017 at 12:02:24PM +0100, Robert Sharp wrote:
> Is there a difference between policies that appear to be in core but
> also have their own ebuilds? For example: selinux-ddclient versus
> policy/modules/contrib/dnsmasq.* and selinux-ddclient versus
>
Sounds good to me. I'm traveling so great if you can do it :-)
On Dec 2, 2017 17:20, "Sven Vermeulen" wrote:
> On the chat it was noticed that we don't have a hardened/selinux profile
> anymore. Is it OK if I add it, with a parent of
> ..
> ../../../../../features/selinux
28 matches