[gentoo-commits] gentoo commit in xml/htdocs/proj/en/hardened/selinux: hb-using-changes.xml

["Sven Vermeulen (swift)" <swift@gentoo.org>]

swift       12/11/06 20:00:34

  Modified:             hb-using-changes.xml
  Log:
  Change on system_r is now in stable

Revision  Changes    Path
1.5                  xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml?rev=1.5&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml?rev=1.5&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml?r1=1.4&r2=1.5

Index: hb-using-changes.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- hb-using-changes.xml	16 Aug 2012 18:12:53 -0000	1.4
+++ hb-using-changes.xml	6 Nov 2012 20:00:34 -0000	1.5
@@ -4,11 +4,11 @@
 <!-- The content of this document is licensed under the CC-BY-SA license -->
 <!-- See http://creativecommons.org/licenses/by-sa/3.0 -->
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml,v 1.4 2012/08/16 18:12:53 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml,v 1.5 2012/11/06 20:00:34 swift Exp $ -->
 
 <sections>
-<version>4</version>
-<date>2012-08-16</date>
+<version>5</version>
+<date>2012-11-06</date>
 
 
 <section>
@@ -35,6 +35,33 @@
 <section>
 <title>Overview of Changes for Stable Users</title>
 <subsection>
+<title>2012/08/16 - Adding system_r role to admins</title>
+<body>
+
+<p>
+Since <path>selinux-base-2.20120725-r3</path> and later, init scripts will now
+support the upstream "labeled" init script approach. This means that those
+services whose init script follows the <path>&lt;domain&gt;_initrc_exec_t</path>
+naming convention can now be assigned to specific users (allowing those to
+manage the services without the need to grant them system administration
+rights).
+</p>
+
+<p>
+The downside of this approach is that the system administrator itself (who uses
+the <c>sysadm_t</c> domain) now also needs to be granted the right to manage
+those services. And granting this right means that the SELinux user (be it
+<c>root</c> or <c>staff_u</c>) needs to be granted the <c>system_r</c> role:
+</p>
+
+<pre caption="Granting system_r role">
+# <i>semanage user -a -R "staff_r sysadm_r system_r" root</i>
+# <i>semanage user -a -R "staff_r sysadm_r system_r" staff_u</i>
+</pre>
+
+</body>
+</subsection>
+<subsection>
 <title>2012/06/24 - Definition of /run in fstab</title>
 <body>
 
@@ -140,30 +167,13 @@
 <section>
 <title>Overview of Changes for ~Arch Users</title>
 <subsection>
-<title>2012/08/16 - Adding system_r role to admins</title>
+<title>None yet</title>
 <body>
 
 <p>
-Since <path>selinux-base-2.20120725-r3</path> and later, init scripts will now
-support the upstream "labeled" init script approach. This means that those
-services whose init script follows the <path>&lt;domain&gt;_initrc_exec_t</path>
-naming convention can now be assigned to specific users (allowing those to
-manage the services without the need to grant them system administration
-rights).
+No specific changes that need to be documented at this level.
 </p>
 
-<p>
-The downside of this approach is that the system administrator itself (who uses
-the <c>sysadm_t</c> domain) now also needs to be granted the right to manage
-those services. And granting this right means that the SELinux user (be it
-<c>root</c> or <c>staff_u</c>) needs to be granted the <c>system_r</c> role:
-</p>
-
-<pre caption="Granting system_r role">
-# <i>semanage user -a -R "staff_r sysadm_r system_r" root</i>
-# <i>semanage user -a -R "staff_r sysadm_r system_r" staff_u</i>
-</pre>
-
 </body>
 </subsection>
 </section>