Re: [gentoo-user] NSA SELinux kernel support

2015-01-02 Thread Marc Stürmer
that enabling SELinux or similar stuff (e.g. like AppArmor) should be today mandatory if installing servers on the internet. Then again your mileage may vary.

Re: [gentoo-user] NSA SELinux kernel support

2015-01-02 Thread Alexander Kapshuk
) and grade of personal paranoia. I know a few administrators who think that enabling SELinux or similar stuff (e.g. like AppArmor) should be today mandatory if installing servers on the internet. Then again your mileage may vary. Thanks for your input.

Re: [gentoo-user] Gentoo is supporting officially Snap packages?

2016-06-21 Thread Tom H
distributions" and that "the Snap package format is working natively on popular GNU/Linux operating systems like [...] Fedora [...]," so it's clear why there was confusion, but it doesn't say that they've been working with Fedora specifically. There's one thing that's not addressed in th

Re: [gentoo-user] gdm fails to start

2017-05-23 Thread Raffaele Belardi
l-linux): > > build runuser helper > > There is a "pam" USE flag for systemd. > Did you try to add it ? > https://packages.gentoo.org/packages/sys-apps/systemd > > Hogren > Yes, it is set, I don't know why euse does not show it: # eix -I sys-apps/systemd [I] sys-a

Re: [gentoo-user] Anyone running a hardened profile?

2015-09-07 Thread wabenbau
nt to use something like SELinux (which > doesn't require a hardened profile) that gives you very fine grained > control about access control but it's also very restrictive. I think > it's only worth it for large networks with many users and different > levels of access to sensitive da

Re: [gentoo-user] NSA SELinux kernel support

2015-01-06 Thread Sid S
you end up with will not be ideal and will certainly be full of holes, but at least you are somewhat aware of the risk a given service is to your system. I'd like to find a middle ground, and it might be Targeted mode (I was attempting Strict). Or, it might be a different system like AppArmor

Re: [gentoo-user] systemd, libgudev and bug 552036

2015-12-18 Thread Adam Carter
emerge -1avt systemd These are the packages that would be merged, in reverse order: Calculating dependencies... done! [ebuild R] sys-apps/systemd-218-r5:0/2::gentoo USE="acl gudev introspection kmod lz4 pam policykit python seccomp ssl (-apparmor) -audit -cryptsetup -curl -doc -elf

Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?

2016-06-16 Thread José Maldonado
ecurity gurus on at on snaps? Do snaps require systemd > or are they PID-1 agnostic? > Supposedly it is agnostic to PID, asking only have some active features in the kernel and SELinux or AppArmor using. Currently, none of the mentioned MACs work as expected with Snap, even in the Ubuntu it

Re: [gentoo-user] [OT] Being Facebook member: How to anon?

2017-10-23 Thread tuxic
s long command is needed only for the first time. Next time you can > start it with: > > $ docker start firefox > > Some basic docker commands: > > $ docker ps [-a] - lists running containers [or all containers] > $ docker images - lists images > $ docker rm [container_n

Re: [gentoo-user] [OT] Being Facebook member: How to anon?

2017-10-24 Thread Todd Goodman
] app-emulation/docker >>>> Available versions: 17.03.2^si (~)17.06.2^si (~)17.09.0^si **^si >>>> {apparmor aufs btrfs +container-init +device-mapper hardened overlay >>>> pkcs11 seccomp} >>>> Installed versions: 17.09.0^si(05:48:14 P

Re: [gentoo-user] [OT] Being Facebook member: How to anon?

2017-10-24 Thread Róbert Čerňanský
>>>> > >>>> I did it, but... > >>>> #>eix -I docker > >>>> [I] app-emulation/docker > >>>> Available versions: 17.03.2^si (~)17.06.2^si (~)17.09.0^si > >>>> **^si {apparmor aufs btrfs +contain

Re: [gentoo-user] NSA SELinux kernel support

2015-01-01 Thread Alexander Kapshuk
I know for sure Ubuntu does - an AppArmor profile for all of the web browsers they ship. AppArmor, if I'm not mistaken, does a lot of the same things as SELinux, and the browser profiles guard against rogue JavaScript from doing bad things. If I got anything wrong security-wise, I'm sorry

Re: [gentoo-user] NSA SELinux kernel support

2015-01-01 Thread Alec Ten Harmsel
(and the firewall, hehe) to avoid dealing with the pain of wading through documentation for hours on end. The one use case that seems pretty interesting for personal use is something I know for sure Ubuntu does - an AppArmor profile for all of the web browsers they ship. AppArmor, if I'm

Re: [gentoo-user] gdm fails to start

2017-05-23 Thread Hogren
> Did you try to add it ? >> https://packages.gentoo.org/packages/sys-apps/systemd >> >> Hogren >> > Yes, it is set, I don't know why euse does not show it: > > # eix -I sys-apps/systemd > [I] sys-apps/systemd > Available versions: 226-r2(0/2) (~)23

Re: [gentoo-user] Anyone running a hardened profile?

2015-09-06 Thread Fernando Rodriguez
f access to sensitive data. I needed some of SELinux features but settled for using AppArmor in an unusual way to accomplish them because SELinux is too much trouble. All AppArmor really does is provide process isolation or sandboxing. If an attacker gains access through an exploit he will only

Re: [gentoo-user] NSA SELinux kernel support

2015-01-04 Thread Erik Mackdanz
time. I'd like to find a middle ground, and it might be Targeted mode (I was attempting Strict). Or, it might be a different system like AppArmor. -- Erik Mackdanz

Re: [gentoo-user] OpenSSH upgrade warning

2015-11-10 Thread wabenbau
epends also on how well the server is hardened, that means how well it is protected against such vulnerable services. There are different mechanisms for such protections. For example simple chroot() jails or, much more complex, access control systems like apparmor and selinux for isolating services, and SSP and PAX for protection against stack- and buffer-overflow based exploits. -- Regards wabe

[gentoo-user] Re: udev -> eudev

2016-02-09 Thread James
-pic14% -pic16% -r2k% -r3ka% -s08% -sdbinutils% -sdcdb% -stm8% -tlcs90% -ucsim% -z180% -z80%" 10,259 KiB [ebuild N#] sys-apps/systemd-226-r2:0/2::gentoo USE="acl kdbus kmod lz4 lzma pam seccomp ssl (-apparmor) -audit -cryptsetup -curl -elfutils -gcrypt -gnuefi -http -idn -impo

Re: [gentoo-user] Re: udev -> eudev

2016-02-09 Thread Neil Bothwick
ld N#]sys-apps/systemd-226-r2:0/2::gentoo USE="acl kdbus > kmod lz4 lzma pam seccomp ssl (-apparmor) -audit -cryptsetup -curl > -elfutils -gcrypt -gnuefi -http -idn -importd -nat -policykit -qrcode > (-selinux) -sysv-utils {-test} -vanilla -xkb" ABI_X86="32 (64) (

Re: [gentoo-user] [OT] Being Facebook member: How to anon?

2017-10-23 Thread tuxic
> > named 'firefox' and starts it. (The image is downloaded automatically.) > > > > This long command is needed only for the first time. Next time you can > > start it with: > > > > $ docker start firefox > > > > Some basic docker commands: > >

Re: [gentoo-user] [OT] Being Facebook member: How to anon?

2017-10-23 Thread tuxic
> > > > What it does is: from image openhs/firefox-ubuntu it creates container > > > named 'firefox' and starts it. (The image is downloaded automatically.) > > > > > > This long command is needed only for the first time. Next time you can > > >

Re: [gentoo-user] [OT] Being Facebook member: How to anon?

2017-10-23 Thread tuxic
> > -v $XAUTHORITY:/tmp/.host_Xauthority:ro -dti openhs/firefox-ubuntu > > > > > > > > What it does is: from image openhs/firefox-ubuntu it creates container > > > > named 'firefox' and starts it. (The image is downloaded automatically.) > > > >

[gentoo-user] Re: udev -> eudev

2016-02-09 Thread James
k introspection systemd -cryptsetup -debug (-selinux)" [nomerge ] sys-apps/systemd-226-r2:0/2::gentoo USE="acl kdbus kmod lz4 lzma pam seccomp ssl (-apparmor) -audit -cryptsetup -curl -elfutils -gcrypt -gnuefi -http -idn -importd -nat -policykit -qrcode (-selinux) -sysv-utils {-tes

Re: [gentoo-user] a few blockers I can't figure out

2015-09-01 Thread Alan McKinnon
ge, certainly the systemd one. >> >> >> I'm having a hard time figuring out what is making portage do this. >> I also figure you're OK with a downgraded systemd meanwhile, but just >> for kicks, let's test my theory: If you run this, does portage offer to >> upgrade

[gentoo-user] Re: systemd, libgudev and bug 552036

2015-12-18 Thread Jonathan Callen
oo USE="acl gudev introspection > kmod lz4 pam policykit python seccomp ssl (-apparmor) -audit > -cryptsetup -curl -doc -elfutils -gcrypt -http -idn -kdbus -lzma > -qrcode (-selinux) -sysv-utils -terminal {-test} -vanilla -xkb" > ABI_X86="(64) -32 (-x32)" PYTHO

[gentoo-user] Re: udev -> eudev

2016-02-09 Thread James
R] sys-apps/dbus-1.8.16::gentoo USE="X systemd* -debug -doc (-selinux) -static-libs {-test}" ABI_X86="32 (64) (-x32)" 0 KiB [ebuild N#]sys-apps/systemd-226-r2:0/2::gentoo USE="acl kdbus kmod lz4 lzma pam seccomp ssl (-apparmor) -audit -cryptsetup -c

Re: [gentoo-user] a few blockers I can't figure out

2015-08-31 Thread covici
do this. > I also figure you're OK with a downgraded systemd meanwhile, but just > for kicks, let's test my theory: If you run this, does portage offer to > upgrade systemd? > > > USE="-python" emerge -pv systemd Well, here is what I got [ebuild U ] sys-apps/sy

Re: [gentoo-user] a few blockers I can't figure out

2015-09-01 Thread covici
ortage > >>>>> grep -r systemd /etc/portage > >>> Just to let you know, most of the python entries were mandated by > >>> portage, certainly the systemd one. > >> > >> > >> I'm having a hard time figuring out what is making portage

Re: [gentoo-user] a few blockers I can't figure out

2015-09-01 Thread Alan McKinnon
age, certainly the systemd one. >>>> >>>> >>>> I'm having a hard time figuring out what is making portage do this. >>>> I also figure you're OK with a downgraded systemd meanwhile, but just >>>> for kicks, let's test my theory

Re: [gentoo-user] dhcpd always shows "crashed" even though it's running

2015-09-04 Thread Fernando Rodriguez
file and compare it to the PID for dhcpd. If it looks right you can try copying to /var/run/dhcp/ and run rc-status again, if it works this time then portage is looking for the pid file outside the chroot. You set it up using the DHCPD_CHROOT in /etc/conf.d/dhcpd right? I don't use that option since I use apparmor but it looks like the init script will do the right thing in tracking the pid file if setup correctly. Are you using the latest version (may need to run etc-update)? -- Fernando Rodriguez

Re: [gentoo-user] Re: udev -> eudev

2016-02-09 Thread Mick
pl -pt -pt_BR -ro -ru -rw -si > -sk -sl -sr -sr@latin -sv -ta -te -th -tr -tt -uk -vi -xh -yi -zh_CN -zh_HK > -zh_TW" PYTHON_TARGETS="python2_7" 0 KiB > [nomerge ] sys-fs/udisks-2.1.4:2::gentoo USE="gptfdisk introspection > systemd -cryptsetup -debug (-selinux)"

Re: [gentoo-user] Portage spokes again...

2016-12-21 Thread Rich Freeman
oo [0.22.4::gentoo] USE="ncurses > netifrc pam unicode -audit -debug -newnet (-prefix) (-selinux) -static-libs > -tools" > [ebuild N~] virtual/tmpfiles-0::gentoo 0 KiB > [nomerge ] virtual/tmpfiles-0::gentoo > [nomerge ] sys-apps/systemd-226-r2:0

Re: [gentoo-user] Portage spokes again...

2016-12-21 Thread Alan McKinnon
oo USE="classic dri3 egl > gallium gbm llvm nptl udev vaapi vdpau wayland* xvmc -bindist -d3d9 -debug > -gles1 -gles2 -opencl -openmax -osmesa -pax_kernel -pic (-selinux) -valgrind > -xa" ABI_X86="32 (64) (-x32)" VIDEO_CARDS="(-freedreno) -i915 -i965 -ilo >

Re: [gentoo-user] Portage spokes again...

2016-12-21 Thread Meino . Cramer
-test}" [ebuild N ] dev-qt/qtgraphicaleffects-5.6.2:5/5.6::gentoo USE="-debug {-test}" 14406 KiB [ebuild N ] kde-frameworks/kjsembed-5.26.0:5/5.26::gentoo USE="-debug" 166 KiB [ebuild N ] kde-apps/kholidays-16.04.3:5::gentoo USE="-debug {-tes

Re: [gentoo-user] MacBook Pro oops with gentoo-sources-4.9.6-r1

2017-02-06 Thread Naveen Narayanan
] usb 1-8.1: New USB device found, idVendor=05ac, idProduct=820a > [4.305085] usb 1-8.1: New USB device strings: Mfr=0, Product=0, > SerialNumber=0 > [4.309170] input: HID 05ac:820a as > /devices/pci:00/:00:14.0/usb1/1-8/1-8.1/1-8.1:1.0/0003:05AC:820A.0003/input/in

Re: [gentoo-user] MacBook Pro oops with gentoo-sources-4.9.6-r1

2017-02-06 Thread Mick
0-12/input0 [4.237987] apple 0003:05AC:0263.0002: > > hidraw1: USB HID v1.11 Device [Apple Inc. Apple Internal Keyboard / > > Trackpad] on usb-:00:14.0-12/input1 [4.241688] input: bcm5974 as > > /devices/pci:00/:00:14.0/usb1/1-12/1-12:1.2/input/input7 [ >

Re: [gentoo-user] MacBook Pro oops with gentoo-sources-4.9.6-r1

2017-02-07 Thread Naveen Narayanan
usb 1-8.1: new full-speed USB device number 4 > > > using xhci_hcd [4.231261] apple 0003:05AC:0263.0001: input,hidraw0: > > > USB HID v1.11 Keyboard [Apple Inc. Apple Internal Keyboard / Trackpad] on > > > usb-:00:14.0-12/input0 [4.237987] apple 0003:05AC:0263

[gentoo-user] MacBook Pro oops with gentoo-sources-4.9.6-r1

2017-02-06 Thread Mick
000:00/:00:14.0/usb1/1-8/1-8.1/1-8.1:1.0/0003:05AC:820A.0003/input/input8 [4.338186] systemd[1]: systemd 226 running in system mode. (+PAM -AUDIT -SELINUX +IMA -APPARMOR +SMACK -SYSVINIT +UTMP -LIBCRYPTSETUP -GCRYPT -GNUTLS +ACL -XZ +LZ4 +SECCOMP +BLKID -ELFUTILS +KMOD -IDN) [4.340006] s