[gentoo-commits] gentoo commit in xml/htdocs/proj/en/hardened/selinux: hb-using-changes.xml

["Sven Vermeulen (swift)" <swift@gentoo.org>]

swift       13/04/19 10:34:11

  Modified:             hb-using-changes.xml
  Log:
  Add in information on selocal

Revision  Changes    Path
1.11                 xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml?rev=1.11&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml?rev=1.11&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml?r1=1.10&r2=1.11

Index: hb-using-changes.xml
===================================================================
RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- hb-using-changes.xml	16 Apr 2013 10:06:42 -0000	1.10
+++ hb-using-changes.xml	19 Apr 2013 10:34:11 -0000	1.11
@@ -4,11 +4,11 @@
 <!-- The content of this document is licensed under the CC-BY-SA license -->
 <!-- See http://creativecommons.org/licenses/by-sa/3.0 -->
 
-<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml,v 1.10 2013/04/16 10:06:42 swift Exp $ -->
+<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-changes.xml,v 1.11 2013/04/19 10:34:11 swift Exp $ -->
 
 <sections>
-<version>10</version>
-<date>2013-04-16</date>
+<version>11</version>
+<date>2013-04-19</date>
 
 
 <section>
@@ -228,10 +228,33 @@
 <section>
 <title>Overview of Changes for ~Arch Users</title>
 <subsection>
+<title>2013/04/19 - Introducing selocal command</title>
 <body>
 
 <p>
-No ~arch-specific changes yet.
+With policycoreutils-2.1.13-r11 onwards, a new command called <c>selocal</c> is
+available. This command allows users to easily add in additional SELinux policy
+rules to the local policy without having go through the hassle of building and
+maintaining their own <path>.te</path> files. Instead, this command does that
+for you.
+</p>
+
+<p>
+Rules that are added to the local policy (hence the name, <c>selocal</c>) can be
+accompanied with a small comment to allow users to describe why a change was
+added (or to refer to a bug id on Gentoo's bugzilla).
+</p>
+
+<pre caption="Adding a rule to the local policy">
+# <i>selocal -a "rpcbind_stream_connect(sysadm_t)" -c "Be able to call exportfs (NFS)"</i>
+# <i>selocal --build --load</i>
+</pre>
+
+<p>
+With <c>--list</c> you can view the currently added local policy rules, and with
+<c>--delete</c> they can be removed from the local policy. When you want to have
+the changes take effect, run <c>selocal --build --load</c> to build the new
+local policy and load it in memory.
 </p>
 
 </body>