* [gentoo-commits] gentoo commit in xml/htdocs/proj/en/hardened/selinux: hb-intro-concepts.xml hb-using-install.xml hb-using-policymodules.xml
From: Francisco Blas Izquierdo Riera (klondike) @ 2011-06-07 19:40 UTC
  To: gentoo-commits

klondike    11/06/07 19:40:20

  Modified:             hb-intro-concepts.xml hb-using-install.xml
                        hb-using-policymodules.xml
  Log:
  Updating the handbook as requested by Sven

Revision  Changes    Path
1.3                  xml/htdocs/proj/en/hardened/selinux/hb-intro-concepts.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-intro-concepts.xml?rev=1.3&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-intro-concepts.xml?rev=1.3&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-intro-concepts.xml?r1=1.2&r2=1.3

Index: hb-intro-concepts.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-intro-concepts.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- hb-intro-concepts.xml	25 Apr 2011 20:12:59 -0000	1.2
+++ hb-intro-concepts.xml	7 Jun 2011 19:40:20 -0000	1.3
@@ -4,11 +4,11 @@
 <!-- The content of this document is licensed under the CC-BY-SA license -->
 <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-intro-concepts.xml,v 1.2 2011/04/25 20:12:59 zorry Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-intro-concepts.xml,v 1.3 2011/06/07 19:40:20 klondike Exp $ -->
 
 <sections>
-<version>3</version>
-<date>2011-04-15</date>
+<version>4</version>
+<date>2011-05-03</date>
 
 <section>
 <title>Introduction</title>
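
Review bot: the new <date>2011-05-03</date> in this header block does not match the commit, which the $Header line above records as 2011/06/07 19:40:20. If the date field is meant to show when the content last changed, it should read 2011-06-07; if 2011-05-03 is when the text was written, a word in the commit log would avoid confusion.
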
@@ -510,6 +510,11 @@
 file because the SELinux users' differ.
 </p>
 
+<p>
+At this moment, Gentoo Hardened SELinux' supports both policies with and
+without UBAC. This is controlled through the <c>ubac</c> USE flag.
+</p>
+
 </body>
 </subsection>
 </section>
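
Review bot: the added sentence has a stray apostrophe in "Gentoo Hardened SELinux' supports" and the word order is awkward; suggest "At this moment, Gentoo Hardened SELinux supports policies both with and without UBAC." It would also help to say here that the ubac USE flag is disabled by default, as the table added to hb-using-install.xml in this same commit states, so a reader of the concepts chapter knows which policy variant they get unless they change it.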



1.3                  xml/htdocs/proj/en/hardened/selinux/hb-using-install.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-install.xml?rev=1.3&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-install.xml?rev=1.3&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-install.xml?r1=1.2&r2=1.3

Index: hb-using-install.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-install.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- hb-using-install.xml	25 Apr 2011 20:12:59 -0000	1.2
+++ hb-using-install.xml	7 Jun 2011 19:40:20 -0000	1.3
@@ -4,7 +4,7 @@
 <!-- The content of this document is licensed under the CC-BY-SA license -->
 <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-install.xml,v 1.2 2011/04/25 20:12:59 zorry Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-install.xml,v 1.3 2011/06/07 19:40:20 klondike Exp $ -->
 
 <sections>
 <version>5</version>
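
Review bot: <version>5</version> stays unchanged in the context below the $Header line, although this revision adds a whole "Update make.conf" subsection and a USE flag table to the file, while hb-intro-concepts.xml is bumped from 3 to 4 in the same commit for a one-paragraph addition. Suggest bumping the version here as well (and the date, which is not visible in this hunk) so readers and translators can tell the installation chapter changed.
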
@@ -197,14 +197,68 @@
 </note>
 
 <p>
+Don't update your system yet - we will need to install a couple of packages in a
+particular order which Portage isn't aware of in the next couple of sections. 
+</p>
+
+</body>
+</subsection>
+<subsection>
+<title>Update make.conf</title>
+<body>
+
+<p>
 Edit your <path>/etc/make.conf</path> file and set
 <c>FEATURES="-loadpolicy"</c>. The current SELinux profile enables the
 loadpolicy feature, but this isn't supported anymore so can be safely ignored.
 </p>
 
 <p>
-Don't update your system yet - we will need to install a couple of packages in a
-particular order which Portage isn't aware of in the next couple of sections. 
+Next, take a look at the following USE flags and decide if you want to enable
+or disable them.
+</p>
+
+<table>
+<tr>
+  <th>USE flag</th>
+  <th>Default Value</th>
+  <th>Description</th>
+</tr>
+<tr>
+  <ti>peer_perms</ti>
+  <ti>Enabled</ti>
+  <ti>
+    The peer_perms capability controls the SELinux policy network peer controls.
+    If set, the access control mechanisms that SELinux uses for network based
+    labelling are consolidated. This setting is recommended as the policy is
+    also updated to reflect this. If not set, the old mechanisms (NetLabel and
+    Labeled IPsec) are used side by side.
+  </ti>
+</tr>
+<tr>
+  <ti>open_perms</ti>
+  <ti>Enabled</ti>
+  <ti>
+    The open_perms capability enables the SELinux permission "open" for files
+    and file-related classes. Support for the "open" call was added a bit later
+    than others so support was first made optional. However, the policies have
+    matured sufficiently to have the open permission set.
+  </ti>
+</tr>
+<tr>
+  <ti>ubac</ti>
+  <ti>Disabled</ti>
+  <ti>
+    When enabled, the SELinux policy is built with user-based access control
+    enabled. This is optional as it introduces constraints that might be
+    difficult to notice at first when you hit them.
+  </ti>
+</tr>
+</table>
+
+<p>
+Make your choice and update the <c>USE</c> variable in
+<path>/etc/make.conf</path>.
 </p>
 
 </body>
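
Review bot: the ubac row lists a security control as "Disabled" by default but only says it "introduces constraints that might be difficult to notice at first when you hit them", without saying what those constraints are or what is given up by leaving it off. Suggest one sentence on what UBAC restricts plus a pointer to the UBAC discussion in hb-intro-concepts.xml, so the reader can make the choice the following paragraph asks for. Two wording points in the same hunk: "The peer_perms capability controls the SELinux policy network peer controls" is circular, and "this isn't supported anymore so can be safely ignored" sits oddly next to an instruction to set FEATURES="-loadpolicy"; saying that the feature is switched off because it is no longer supported would be clearer.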



1.4                  xml/htdocs/proj/en/hardened/selinux/hb-using-policymodules.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-policymodules.xml?rev=1.4&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-policymodules.xml?rev=1.4&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-policymodules.xml?r1=1.3&r2=1.4

Index: hb-using-policymodules.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-policymodules.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- hb-using-policymodules.xml	7 Jun 2011 18:09:27 -0000	1.3
+++ hb-using-policymodules.xml	7 Jun 2011 19:40:20 -0000	1.4
@@ -4,7 +4,7 @@
 <!-- The content of this document is licensed under the CC-BY-SA license -->
 <!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-policymodules.xml,v 1.3 2011/06/07 18:09:27 nimiux Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-policymodules.xml,v 1.4 2011/06/07 19:40:20 klondike Exp $ -->
 
 <sections>
 <version>1</version>
@@ -44,7 +44,7 @@
 </pre>
 
 <p>
-This simple policy says that the module is called <e>fixmozilla</e> with module
+This simple policy sais that the module is called <e>fixmozilla</e> with module
 version <e>1.0.0</e> (it is wise to update this version every time you update
 the content of the module so that you can quickly verify with <c>semodule -l</c>
 if the new version is loaded or not). It requires the <e>mozilla_t</e> domain
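
Review bot: the changed line replaces the correct "says" with the misspelling "sais" ("This simple policy sais that the module is called"). The removed line was right; suggest reverting the word so that this revision of the file carries only the $Header update.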





