From: "Sven Vermeulen (swift)" <swift@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] gentoo commit in xml/htdocs/proj/en/hardened/selinux: hb-using-changes.xml
Date: Tue, 6 Nov 2012 20:00:34 +0000 (UTC) [thread overview]
Message-ID: <20121106200035.08D62215F3@flycatcher.gentoo.org> (raw)
swift 12/11/06 20:00:34
Modified: hb-using-changes.xml
Log:
Change on system_r is now in stable
Revision Changes Path
1.5 xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml?rev=1.5&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml?rev=1.5&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml?r1=1.4&r2=1.5
Index: hb-using-changes.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- hb-using-changes.xml 16 Aug 2012 18:12:53 -0000 1.4
+++ hb-using-changes.xml 6 Nov 2012 20:00:34 -0000 1.5
@@ -4,11 +4,11 @@
<!-- The content of this document is licensed under the CC-BY-SA license -->
<!-- See http://creativecommons.org/licenses/by-sa/3.0 -->
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml,v 1.4 2012/08/16 18:12:53 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml,v 1.5 2012/11/06 20:00:34 swift Exp $ -->
<sections>
-<version>4</version>
-<date>2012-08-16</date>
+<version>5</version>
+<date>2012-11-06</date>
<section>
@@ -35,6 +35,33 @@
<section>
<title>Overview of Changes for Stable Users</title>
<subsection>
+<title>2012/08/16 - Adding system_r role to admins</title>
+<body>
+
+<p>
+Since <path>selinux-base-2.20120725-r3</path> and later, init scripts will now
+support the upstream "labeled" init script approach. This means that those
+services whose init script follows the <path><domain>_initrc_exec_t</path>
+naming convention can now be assigned to specific users (allowing those to
+manage the services without the need to grant them system administration
+rights).
+</p>
+
+<p>
+The downside of this approach is that the system administrator itself (who uses
+the <c>sysadm_t</c> domain) now also needs to be granted the right to manage
+those services. And granting this right means that the SELinux user (be it
+<c>root</c> or <c>staff_u</c>) needs to be granted the <c>system_r</c> role:
+</p>
+
+<pre caption="Granting system_r role">
+# <i>semanage user -a -R "staff_r sysadm_r system_r" root</i>
+# <i>semanage user -a -R "staff_r sysadm_r system_r" staff_u</i>
+</pre>
+
+</body>
+</subsection>
+<subsection>
<title>2012/06/24 - Definition of /run in fstab</title>
<body>
@@ -140,30 +167,13 @@
<section>
<title>Overview of Changes for ~Arch Users</title>
<subsection>
-<title>2012/08/16 - Adding system_r role to admins</title>
+<title>None yet</title>
<body>
<p>
-Since <path>selinux-base-2.20120725-r3</path> and later, init scripts will now
-support the upstream "labeled" init script approach. This means that those
-services whose init script follows the <path><domain>_initrc_exec_t</path>
-naming convention can now be assigned to specific users (allowing those to
-manage the services without the need to grant them system administration
-rights).
+No specific changes that need to be documented at this level.
</p>
-<p>
-The downside of this approach is that the system administrator itself (who uses
-the <c>sysadm_t</c> domain) now also needs to be granted the right to manage
-those services. And granting this right means that the SELinux user (be it
-<c>root</c> or <c>staff_u</c>) needs to be granted the <c>system_r</c> role:
-</p>
-
-<pre caption="Granting system_r role">
-# <i>semanage user -a -R "staff_r sysadm_r system_r" root</i>
-# <i>semanage user -a -R "staff_r sysadm_r system_r" staff_u</i>
-</pre>
-
</body>
</subsection>
</section>
next reply other threads:[~2012-11-06 20:00 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-06 20:00 Sven Vermeulen (swift) [this message]
-- strict thread matches above, loose matches on Subject: below --
2013-07-07 19:52 [gentoo-commits] gentoo commit in xml/htdocs/proj/en/hardened/selinux: hb-using-changes.xml Sven Vermeulen (swift)
2013-07-07 17:53 Sven Vermeulen (swift)
2013-04-19 10:34 Sven Vermeulen (swift)
2013-04-05 18:14 Sven Vermeulen (swift)
2013-03-10 16:01 Sven Vermeulen (swift)
2012-12-04 20:22 Sven Vermeulen (swift)
2012-06-25 19:18 Sven Vermeulen (swift)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121106200035.08D62215F3@flycatcher.gentoo.org \
--to=swift@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox