From: "Sven Vermeulen" <sven.vermeulen@siphos.be>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-docs:master commit in: html/, html/selinux/
Date: Tue, 24 May 2011 20:39:14 +0000 (UTC) [thread overview]
Message-ID: <3e160946c1c040608a82ccb115c198cbdbc297b2.SwifT@gentoo> (raw)
commit: 3e160946c1c040608a82ccb115c198cbdbc297b2
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Tue May 24 20:36:34 2011 +0000
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Tue May 24 20:36:34 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=3e160946
Update previews
---
html/index.html | 5 +-
html/index2.html | 5 +-
html/roadmap.html | 590 +++++++++++---------------
html/selinux-policy.html | 7 +-
html/selinux/hb-intro-enhancingsecurity.html | 4 +-
html/selinux/index.html | 242 +++++++----
html/support-state.html | 264 ++++++++++++
7 files changed, 676 insertions(+), 441 deletions(-)
diff --git a/html/index.html b/html/index.html
index 9f5561b..8cbf79a 100644
--- a/html/index.html
+++ b/html/index.html
@@ -271,6 +271,9 @@ GNU Stack Quickstart
<li>
<a href="selinux/selinux-handbook.html">Gentoo SELinux Handbook</a>
</li>
+ <li>
+ <a href="selinux-faq.html">Gentoo SELinux FAQ</a>
+ </li>
</ul>
</li>
</ul>
@@ -287,7 +290,7 @@ GNU Stack Quickstart
</tr>
<tr>
<td class="tableinfo">hardened</td>
- <td class="tableinfo">battousai, blueness, chainsaw, dragonheart, gengor, nixnut, pebenito, solar, zorry</td>
+ <td class="tableinfo">battousai, blueness, chainsaw, dragonheart, gengor, klondike, nixnut, pebenito, solar, zorry</td>
<td class="tableinfo">Hardened Gentoo project packages and policy</td>
</tr>
<tr>
diff --git a/html/index2.html b/html/index2.html
index 883f517..1f8776e 100644
--- a/html/index2.html
+++ b/html/index2.html
@@ -240,6 +240,9 @@ GNU Stack Quickstart</a>
<li>
<a href="selinux/selinux-handbook.html">Gentoo SELinux Handbook</a>
</li>
+ <li>
+ <a href="selinux-faq.html">Gentoo SELinux FAQ</a>
+ </li>
</ul>
</li>
</ul>
@@ -256,7 +259,7 @@ GNU Stack Quickstart</a>
</tr>
<tr>
<td class="tableinfo">hardened</td>
- <td class="tableinfo">battousai, blueness, chainsaw, dragonheart, gengor, nixnut, pebenito, solar, zorry</td>
+ <td class="tableinfo">battousai, blueness, chainsaw, dragonheart, gengor, klondike, nixnut, pebenito, solar, zorry</td>
<td class="tableinfo">Hardened Gentoo project packages and policy</td>
</tr>
<tr>
diff --git a/html/roadmap.html b/html/roadmap.html
index e2d38b8..1f74223 100644
--- a/html/roadmap.html
+++ b/html/roadmap.html
@@ -11,395 +11,295 @@
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
<title>Gentoo Linux Documentation
--
- Hardened Gentoo Roadmap</title>
+ Gentoo Hardened Roadmap</title>
</head>
<body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr>
<tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr>
<td width="99%" class="content" valign="top" align="left">
-<br><h1>Hardened Gentoo Roadmap</h1>
+<table class="ncontent" align="center" width="90%" border="2px" cellspacing="0" cellpadding="4px"><tr><td bgcolor="#ddddff"><p class="note"><b>Disclaimer : </b>
+ This document is a work in progress and should not be considered official yet.
+ </p></td></tr></table>
+<br><h1>Gentoo Hardened Roadmap</h1>
<form name="contents" action="http://www.gentoo.org">
<b>Content</b>:
- <select name="url" size="1" OnChange="location.href=form.url.options[form.url.selectedIndex].value" style="font-family:sans-serif,Arial,Helvetica"><option value="#doc_chap1">1. Where the Hardened Gentoo Project Is Today</option>
-<option value="#doc_chap2">2. Short-Term Goals</option>
-<option value="#doc_chap3">3. Long-Term Goals</option>
-<option value="#doc_chap4">4. Roadmap Tracking</option></select>
+ <select name="url" size="1" OnChange="location.href=form.url.options[form.url.selectedIndex].value" style="font-family:sans-serif,Arial,Helvetica"><option value="#doc_chap1">1. Vision</option>
+<option value="#doc_chap2">2. Strategy</option>
+<option value="#doc_chap3">3. Documentation Goals and Milestones</option>
+<option value="#doc_chap4">4. Hardened Toolchain Goals and Milestones</option>
+<option value="#doc_chap5">5. grSecurity Goals and Milestones</option>
+<option value="#doc_chap6">6. SELinux Goals and Milestones</option></select>
</form>
<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
- </span>Where the Hardened Gentoo Project Is Today</p>
+ </span>Vision</p>
<p>
-The Hardened Gentoo herd lost many developer in the past years. The toolchain
-was stuck on GCC 3.4.X for a long time but we have started to catch up, and the
-hardened-sources also needed to be brought up to date. The documentation is
-being updated slowly and still needs a lot of work. We also need bug-wranglers
-that help us with fixing bugs.
+Within Gentoo Linux, the Gentoo Hardened project wants to be a shepherd for all
+security oriented projects. The project wants to make Gentoo viable for highly
+secure, high stability production environments.
</p>
<p class="chaphead"><a name="doc_chap2"></a><span class="chapnum">2.
- </span>Short-Term Goals</p>
-<p class="secthead"><a name="doc_chap2_sect1">Hardened Toolchain</a></p>
+ </span>Strategy</p>
+<p class="secthead"><a name="doc_chap2_sect1">Introduction</a></p>
<p>
-Now is the time to take a step back and examine the work that has been done so
-far. A review of the current approach that the hardened toolchain takes is
-needed. There may be ways to strengthen the current implementation or areas of
-code that can be cleaned up to allow changes to be pushed upstream easier.
+In order to succesfully strive towards our vision, Gentoo Hardened aims to
+provide subprojects that test, develop, enhance, implement and integrate
+specific security measures in Gentoo Linux. Although each of these projects has
+operational responsibilities (after all, the technologies that they support are
+used by users all around) they continue to research and develop, making Gentoo
+Linux even better than it is today.
</p>
<p>
-As a side effect of the previous hardened toolchain, many ebuilds currently
-filter hardened CFLAGS such as -fPIE and -fstack-protector. Work will also be
-dedicated to reviewing those packages and seeking alternate solutions for the
-filters.
+The direction that each of these projects is heading towards is described in
+their <span class="emphasis">roadmap</span>, a combination of strategic directions and shorter term
+milestones. These roadmaps are combined in this very document, allowing users to
+get a general overview of where Gentoo Hardened is evolving towards.
</p>
-<p class="secthead"><a name="doc_chap2_sect2">Access Control Systems</a></p>
-<p><b>Grsecurity</b></p>
+<p class="secthead"><a name="doc_chap2_sect2">Documentation</a></p>
<p>
-Documents regarding Grsecurity are currently a major need for Gentoo.
+Documentation is Gentoo Hardened's first asset that users come in contact with.
+It is important that Gentoo Hardened's documentation is well structured, easily
+accessible and correctly written. Although we currently focus on technically
+educated users and system administrators, this focus should not lower our
+responsibility of creating the necessary documents to guide new users in Gentoo
+Hardened's realms.
</p>
-<ul>
-<li>
-The existing Grsecurity2 document needs to be converted to Handbook XML.
-</li>
-<li>
-We are working on a document describing the features on PAX and Grsecurity.
-</li>
-<li>
-Also, a document describing the RBAC system in more detail is needed.
-</li>
-<li>
-Finally we are working on keeping the hardened kernel sources up to date.
-</li>
-</ul>
-<p><b>SELinux</b></p>
+<p class="secthead"><a name="doc_chap2_sect3">Vulnerability Mitigation</a></p>
<p>
-Currently the project supports x86 and AMD64 so support for other architectures
-has to be handled by upstream except when the issues can also be reproduced in
-any of those architectures. Aside work is being done in the following areas:
+Users use a <span class="emphasis">toolchain</span>, a set of libraries and tools like compilers,
+linkers and more, to build their systems with. To fight potential
+vulnerabilities and future exploits, Gentoo Hardened maintains a toolchain that
+supports additional security-enhancing features like SSP, PIE and PIC.
+Our focus is to enhance and maintain this toolchain and help the integration of
+these security-enhancing patchsets within the upstream communities so that the
+benefits are available for all Linux users.
</p>
-<ul>
-<li>
-Strengthen and extend current policies.
-</li>
-<li>
-Extend support to more architectures.
-</li>
-<li>
-Policy module support.
-</li>
-<li>
-Additional Daemon Policies.
-</li>
-<li>
-Updated documentation.
-</li>
-</ul>
-<p><b>RSBAC</b></p>
<p>
-We need a new maintainer here so if you think you qualify as it feel free to
-contact us.
+Yet toolchains are not the only method where risks can be reduced. Specific
+patch sets that enhance Linux' security-related capabilities exist, such as
+PAX, that help users mitigate the risk of succesful exploitation of
+vulnerabilities. Gentoo Hardened positions and integrates these patches in the
+distribution.
</p>
-<p class="chaphead"><a name="doc_chap3"></a><span class="chapnum">3.
- </span>Long-Term Goals</p>
-<p class="secthead"><a name="doc_chap3_sect1">Documentation</a></p>
+<p class="secthead"><a name="doc_chap2_sect4">Access Control</a></p>
<p>
-The Hardened Gentoo Project is currently very lacking in documentation. The
-hardened toolchain needs to be documented fully, and older documents that have a
-relationship to the toolchain need to be updated, such as the SSP, PIE, and PIC
-documents. Also, comparative documents should be written to explain the choices
-that Hardened Gentoo has made in deciding which security tools to support and
-which not to support.
+Although definitely not the only security component of a system, proper access
+control is a prerequisite for a safer environment. Within Gentoo Hardened,
+support of proper access control systems is important, and reflected in our
+choices of enhanced development of SELinux, grSecurity RSBAC and more.
</p>
-<p class="secthead"><a name="doc_chap3_sect2">Support More Architectures</a></p>
+<p class="secthead"><a name="doc_chap2_sect5">Architecture Support</a></p>
<p>
-A long-term goal of the Hardened Gentoo Project is to support all of the
-architectures that are officially supported by Gentoo. The only strong support
-that exists at the moment is for x86 and amd64.
+The current primary development activities take place within the popular and
+commodity architectures x86 and amd64 (x86_64). Yet many other architectures
+exist, especially within the server and embedded/mobile environments. These
+architectures need to be properly supported as well.
</p>
+<p class="secthead"><a name="doc_chap2_sect6">Staffing</a></p>
<p>
-The hardened toolchain supports x86, amd64, ppc, ppc64, arm, ia64 and would like
-to extend support to sparc and similar architectures. With access to different
-kinds of hardware, hardened support can slowly be extended to those
-architectures as well.
+In order to sustain or even grow our research and development pace and keep
+supporting operational tasks and help out users, the Gentoo Hardened team is
+always looking for fresh blood. Users who take a proactive approach to finding
+places for improvement and filling in the holes should and will be noticed and
+probably recruited. Yet recruitment is not mandatory to help out our project.
+The necessary resources are put in place to let contributors efficiently help
+out the project.
</p>
-<p class="secthead"><a name="doc_chap3_sect3">Expand the Hardened Team</a></p>
+<p class="chaphead"><a name="doc_chap3"></a><span class="chapnum">3.
+ </span>Documentation Goals and Milestones</p>
+<p class="secthead"><a name="doc_chap3_sect1">Current State</a></p>
<p>
-There will always be unfinished tasks for the Hardened Team. Users who take a
-proactive approach to finding places for improvement and filling in the holes
-will be noticed and probably recruited. Current Hardened Team members will be
-responsible for training new developers to fill new roles. If you are interested
-in helping out, stop by the IRC channel and let someone know what you are
-interested in and what you will be doing about it.
+The Gentoo Hardened project is currently lagging behind a bit on documentation.
+Recent upstaffing and contributions have helped this out, but we still need to
+focus on the toolchain documentation (both toolchain-specific documentation
+as wel as documents that relate to the toolchain) such as SSP, PIE and PIC
+information.
</p>
<p>
-Input/peer review should always be welcome as it helps everyone out in the long
-run.
+Also, comparative documents should be written to explain the choices that Gentoo
+Hardened has made, such as tool selection.
</p>
-<p class="chaphead"><a name="doc_chap4"></a><span class="chapnum">4.
- </span>Roadmap Tracking</p>
-<p class="secthead"><a name="doc_chap4_sect1">Hardened Toolchain</a></p>
-<table class="ntable">
- <tr>
- <td class="infohead"><b>Description</b></td>
-<td class="infohead"><b>Coordinator(s)</b></td>
-<td class="infohead"><b>Status</b></td>
- </tr>
- <tr>
- <td class="tableinfo">x86 Support</td>
-<td class="tableinfo">zorry</td>
-<td class="tableinfo">Complete</td>
- </tr>
- <tr>
- <td class="tableinfo">amd64 Support</td>
-<td class="tableinfo">zorry</td>
-<td class="tableinfo">Complete</td>
- </tr>
- <tr>
- <td class="tableinfo">sparc32 Support</td>
-<td class="tableinfo"></td>
-<td class="tableinfo">Unassigned</td>
- </tr>
- <tr>
- <td class="tableinfo">sparc64 Support</td>
-<td class="tableinfo"></td>
-<td class="tableinfo">Unassigned</td>
- </tr>
- <tr>
- <td class="tableinfo">ppc Support</td>
-<td class="tableinfo">nixnut,zorry,blueness</td>
-<td class="tableinfo">Complete</td>
- </tr>
- <tr>
- <td class="tableinfo">ppc64 Support</td>
-<td class="tableinfo">blueness</td>
-<td class="tableinfo">Complete</td>
- </tr>
- <tr>
- <td class="tableinfo">s390 Support</td>
-<td class="tableinfo"></td>
-<td class="tableinfo">Unassigned</td>
- </tr>
- <tr>
- <td class="tableinfo">hppa Support</td>
-<td class="tableinfo"></td>
-<td class="tableinfo">Not supported</td>
- </tr>
- <tr>
- <td class="tableinfo">arm Support</td>
-<td class="tableinfo">blueness</td>
-<td class="tableinfo">In progress</td>
- </tr>
- <tr>
- <td class="tableinfo">mips Support</td>
-<td class="tableinfo">blueness</td>
-<td class="tableinfo">In progress</td>
- </tr>
- <tr>
- <td class="tableinfo">ia64 Support</td>
-<td class="tableinfo">zorry,blueness</td>
-<td class="tableinfo">Complete</td>
- </tr>
-</table>
-<p class="secthead"><a name="doc_chap4_sect2">Hardened GCC</a></p>
-<table class="ntable">
- <tr>
- <td class="infohead"><b>GCC version</b></td>
-<td class="infohead"><b>Support PIE</b></td>
-<td class="infohead"><b>Support SSP</b></td>
-<td class="infohead"><b>Arch</b></td>
- </tr>
- <tr>
- <td class="tableinfo">3.6.X</td>
-<td class="tableinfo">Yes</td>
-<td class="tableinfo">Yes</td>
-<td class="tableinfo">x86 amd64</td>
- </tr>
- <tr>
- <td class="tableinfo">4.3.X</td>
-<td class="tableinfo">Yes</td>
-<td class="tableinfo">Yes</td>
-<td class="tableinfo">x86 amd64</td>
- </tr>
- <tr>
- <td class="tableinfo">4.4.X</td>
-<td class="tableinfo">Yes</td>
-<td class="tableinfo">Yes</td>
-<td class="tableinfo">x86 amd64 arm ppc ppc64 ia64</td>
- </tr>
- <tr>
- <td class="tableinfo">4.5.X</td>
-<td class="tableinfo">Yes</td>
-<td class="tableinfo">Yes</td>
-<td class="tableinfo">x86 amd64 arm ppc ppc64 ia64</td>
- </tr>
-</table>
-<p class="secthead"><a name="doc_chap4_sect3">Hardened Toolchain</a></p>
-<table class="ntable">
- <tr>
- <td class="infohead"><b>Description</b></td>
-<td class="infohead"><b>Coordinator(s)</b></td>
-<td class="infohead"><b>Status</b></td>
- </tr>
- <tr>
- <td class="tableinfo">Document the feature set</td>
-<td class="tableinfo">none</td>
-<td class="tableinfo">In Progress</td>
- </tr>
- <tr>
- <td class="tableinfo">Describe the RBAC system</td>
-<td class="tableinfo">none</td>
-<td class="tableinfo">Unassigned</td>
- </tr>
- <tr>
- <td class="tableinfo">Release hardened-sources-2.6.37</td>
-<td class="tableinfo">blueness</td>
-<td class="tableinfo">Complete</td>
- </tr>
-</table>
-<p class="secthead"><a name="doc_chap4_sect4">Hardened Sources</a></p>
+<p class="secthead"><a name="doc_chap3_sect2">Goals and Milestones</a></p>
<table class="ntable">
- <tr>
- <td class="infohead"><b>Description</b></td>
-<td class="infohead"><b>Coordinator(s)</b></td>
-<td class="infohead"><b>Status</b></td>
- </tr>
- <tr>
- <td class="tableinfo">x86 Support</td>
-<td class="tableinfo">blueness</td>
-<td class="tableinfo">Complete</td>
- </tr>
- <tr>
- <td class="tableinfo">amd64 Support</td>
-<td class="tableinfo">blueness</td>
-<td class="tableinfo">Complete</td>
- </tr>
- <tr>
- <td class="tableinfo">sparc32 Support</td>
-<td class="tableinfo"></td>
-<td class="tableinfo">Unassigned</td>
- </tr>
- <tr>
- <td class="tableinfo">sparc64 Support</td>
-<td class="tableinfo"></td>
-<td class="tableinfo">Unassigned</td>
- </tr>
- <tr>
- <td class="tableinfo">ppc Support</td>
-<td class="tableinfo">blueness</td>
-<td class="tableinfo">In Progress</td>
- </tr>
- <tr>
- <td class="tableinfo">ppc64 Support</td>
-<td class="tableinfo">blueness</td>
-<td class="tableinfo">Complete</td>
- </tr>
- <tr>
- <td class="tableinfo">s390 Support</td>
-<td class="tableinfo"></td>
-<td class="tableinfo">Unassigned</td>
- </tr>
- <tr>
- <td class="tableinfo">hppa Support</td>
-<td class="tableinfo"></td>
-<td class="tableinfo">Not supported</td>
- </tr>
- <tr>
- <td class="tableinfo">arm Support</td>
-<td class="tableinfo">blueness</td>
-<td class="tableinfo">In testing</td>
- </tr>
- <tr>
- <td class="tableinfo">mips Support</td>
-<td class="tableinfo">blueness</td>
-<td class="tableinfo">In testing</td>
- </tr>
- <tr>
- <td class="tableinfo">ia64 Support</td>
-<td class="tableinfo">blueness</td>
-<td class="tableinfo">Complete</td>
- </tr>
+<tr>
+ <td class="infohead"><b>Description</b></td>
+ <td class="infohead"><b>ETA</b></td>
+ <td class="infohead"><b>Status</b></td>
+ <td class="infohead"><b>Coordinator(s)</b></td>
+ <td class="infohead"><b>Related Bugs</b></td>
+</tr>
+<tr>
+ <td class="tableinfo">Document the Hardened Toolchain</td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"><span class="code-keyword">In Progress</span></td>
+ <td class="tableinfo">Zorry</td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">Comparative analysis of security approaches taken by distributions</td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"><span class="code-comment">Unassigned</span></td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">Rework grSecurity documentation</td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"><span class="code-comment">Unassigned</span></td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">Update/rewrite propolice documentation</td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"><span class="code-comment">Unassigned</span></td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"></td>
+</tr>
</table>
-<p class="secthead"><a name="doc_chap4_sect5">SELinux</a></p>
+<p class="chaphead"><a name="doc_chap4"></a><span class="chapnum">4.
+ </span>Hardened Toolchain Goals and Milestones</p>
+<p class="secthead"><a name="doc_chap4_sect1">Current State</a></p>
+<p>
+Our toolchain so far has seen a tremendous evolution. Some of the integrated
+patches have been accepted upstream (like SSP), but work can still improve.
+To allow changes to be pushed upstream more easily, we might need improvements
+on the ways to strengthen the current implementation, and work on the areas of
+code that need clean-up.
+</p>
+<p>
+Our next steps are to take a step backwards and examine the work that has been
+done so far. We need to improve our existing documents, but also review the
+packages available in the Portage tree and help out the package maintainers in
+handling CFLAG filters for a hardened toolchain in a proper way.
+</p>
+<p class="secthead"><a name="doc_chap4_sect2">Goals and Milestones</a></p>
<table class="ntable">
- <tr>
- <td class="infohead"><b>Description</b></td>
-<td class="infohead"><b>Coordinator(s)</b></td>
-<td class="infohead"><b>Status</b></td>
- </tr>
- <tr>
- <td class="tableinfo">Strengthen and extend the current policies</td>
-<td class="tableinfo">pebenito</td>
- <td class="tableinfo">In Progress</td>
- </tr>
- <tr>
- <td class="tableinfo">Extend support to more architectures</td>
-<td class="tableinfo">pebenito</td>
- <td class="tableinfo">In Progress</td>
- </tr>
- <tr>
- <td class="tableinfo">Policy module support</td>
-<td class="tableinfo">pebenito</td>
- <td class="tableinfo">In Progress</td>
- </tr>
- <tr>
- <td class="tableinfo">Additional Daemon Policies</td>
-<td class="tableinfo">pebenito</td>
- <td class="tableinfo">In Progress</td>
- </tr>
- <tr>
- <td class="tableinfo">Updated documentation</td>
-<td class="tableinfo">SwifT</td>
- <td class="tableinfo">In Progress</td>
- </tr>
+<tr>
+ <td class="infohead"><b>Description</b></td>
+ <td class="infohead"><b>ETA</b></td>
+ <td class="infohead"><b>Status</b></td>
+ <td class="infohead"><b>Coordinator(s)</b></td>
+ <td class="infohead"><b>Related Bugs</b></td>
+</tr>
+<tr>
+ <td class="infohead" colspan="5" style="text-align:center"><b>Enhance documentation</b></td>
+</tr>
+<tr>
+ <td class="tableinfo">Document the toolchain feature set</td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"><span class="code-variable">In progress</span></td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">Describe the grSecurity RBAC system</td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"><span class="code-comment">Unassigned</span></td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="infohead" colspan="5" style="text-align:center"><b>Kernel development and maintenance</b></td>
+</tr>
+<tr>
+ <td class="tableinfo">Release hardened-sources-2.6.37</td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"><span class="code-keyword">Done</span></td>
+ <td class="tableinfo">blueness</td>
+ <td class="tableinfo"></td>
+</tr>
</table>
-<p class="secthead"><a name="doc_chap4_sect6">RSBAC</a></p>
+<p class="chaphead"><a name="doc_chap5"></a><span class="chapnum">5.
+ </span>grSecurity Goals and Milestones</p>
+<p class="secthead"><a name="doc_chap5_sect1">Current State</a></p>
+<p>
+grSecurity is well integrated within Gentoo Hardened (patch- and software wise
+as well as knowledge). However, the documentation is lagging behind a lot and
+is in need for attention.
+</p>
+<p class="secthead"><a name="doc_chap5_sect2">Goals and Milestones</a></p>
<table class="ntable">
- <tr>
- <td class="infohead"><b>Description</b></td>
-<td class="infohead"><b>Coordinator(s)</b></td>
-<td class="infohead"><b>Status</b></td>
- </tr>
- <tr>
- <td class="tableinfo">Bring policy support tool to Gentoo packages.</td>
-<td class="tableinfo"></td>
- <td class="tableinfo">Unassigned</td>
- </tr>
- <tr>
- <td class="tableinfo">Enhance RSBAC Documentation</td>
-<td class="tableinfo"></td>
-<td class="tableinfo">Unassigned</td>
- </tr>
+<tr>
+ <td class="infohead"><b>Description</b></td>
+ <td class="infohead"><b>ETA</b></td>
+ <td class="infohead"><b>Status</b></td>
+ <td class="infohead"><b>Coordinator(s)</b></td>
+ <td class="infohead"><b>Related Bugs</b></td>
+</tr>
+<tr>
+ <td class="tableinfo">
+ the existing grSecurity2 document needs to be converted to Handbook XML
+ </td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"><span class="code-comment">Unassigned</span></td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">
+ the features of PAX and grSecurity need to be described and documented
+ </td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"><span class="code-comment">Unassigned</span></td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">
+ the RBAC system needs to be covered documentation-wise in much more detail
+ </td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"><span class="code-comment">Unassigned</span></td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo"></td>
+</tr>
</table>
-<p class="secthead"><a name="doc_chap4_sect7">Documentation</a></p>
+<p class="chaphead"><a name="doc_chap6"></a><span class="chapnum">6.
+ </span>SELinux Goals and Milestones</p>
+<p class="secthead"><a name="doc_chap6_sect1">Current State</a></p>
+<p>
+The Gentoo Hardened SELinux state is, within the ~arch branches, up to date and
+fully supported (except MCS/MLS which is not supported yet). The documentation
+is being updated as the state evolves, but can still improve.
+</p>
+<p class="secthead"><a name="doc_chap6_sect2">Goals and Milestones</a></p>
<table class="ntable">
- <tr>
- <td class="infohead"><b>Description</b></td>
-<td class="infohead"><b>Coordinator(s)</b></td>
-<td class="infohead"><b>Status</b></td>
- </tr>
- <tr>
- <td class="tableinfo">Comparative analysis of security approaches taken by distributions.</td>
- <td class="tableinfo"></td>
-<td class="tableinfo">Unassigned</td>
- </tr>
- <tr>
- <td class="tableinfo">Rework Grsecurity Documentation</td>
-<td class="tableinfo"></td>
-<td class="tableinfo">Unassigned</td>
- </tr>
- <tr>
- <td class="tableinfo">Update/Rewrite Propolice Documentation</td>
-<td class="tableinfo"></td>
-<td class="tableinfo">Unassigned</td>
- </tr>
- <tr>
- <td class="tableinfo">Document the Hardened Toolchain</td>
-<td class="tableinfo">zorry</td>
-<td class="tableinfo">In Progress</td>
- </tr>
+<tr>
+ <td class="infohead"><b>Description</b></td>
+ <td class="infohead"><b>ETA</b></td>
+ <td class="infohead"><b>Status</b></td>
+ <td class="infohead"><b>Coordinator(s)</b></td>
+ <td class="infohead"><b>Related Bugs</b></td>
+</tr>
+<tr>
+ <td class="tableinfo">Stabilize the userland tools and libraries</td>
+ <td class="tableinfo">2011-05-24</td>
+ <td class="tableinfo"><span class="code-variable">Slight delay</span></td>
+ <td class="tableinfo">blueness, SwifT</td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">
+ Stabilize the ~arch SELinux policies based on 2.20101213 upstream branch
+ </td>
+ <td class="tableinfo">2011-06-07</td>
+ <td class="tableinfo"><span class="code-keyword">On track</span></td>
+ <td class="tableinfo">blueness, SwifT</td>
+ <td class="tableinfo"><a href="https://bugs.gentoo.org/368199">#368199</a></td>
+</tr>
+<tr>
+ <td class="tableinfo">Stabilize the new SELinux profile structure</td>
+ <td class="tableinfo">2011-06-28</td>
+ <td class="tableinfo"><span class="code-keyword">On track</span></td>
+ <td class="tableinfo">blueness</td>
+ <td class="tableinfo"><a href="https://bugs.gentoo.org/365483">#365483</a></td>
+</tr>
</table>
<br><br>
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="roadmap.xml?style=printable">Print</a></p></td></tr>
-<tr><td class="topsep" align="center"><p class="alttext">Updated February 2, 2011</p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Updated May 22, 2011</p></td></tr>
<tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
A roadmap that plots current needs and goals of the
Hardened Gentoo project.
diff --git a/html/selinux-policy.html b/html/selinux-policy.html
index f9af9d5..e7ce30a 100644
--- a/html/selinux-policy.html
+++ b/html/selinux-policy.html
@@ -11,16 +11,13 @@
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
<title>Gentoo Linux Documentation
--
- Gentoo Hardened SELinux Policy</title>
+ Gentoo Hardened SELinux Development Policy</title>
</head>
<body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr>
<tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr>
<td width="99%" class="content" valign="top" align="left">
-<table class="ncontent" align="center" width="90%" border="2px" cellspacing="0" cellpadding="4px"><tr><td bgcolor="#ddddff"><p class="note"><b>Disclaimer : </b>
- This document is a work in progress and should not be considered official yet.
- </p></td></tr></table>
-<br><h1>Gentoo Hardened SELinux Policy</h1>
+<br><h1>Gentoo Hardened SELinux Development Policy</h1>
<form name="contents" action="http://www.gentoo.org">
<b>Content</b>:
<select name="url" size="1" OnChange="location.href=form.url.options[form.url.selectedIndex].value" style="font-family:sans-serif,Arial,Helvetica"><option value="#doc_chap1">1. Principles</option>
diff --git a/html/selinux/hb-intro-enhancingsecurity.html b/html/selinux/hb-intro-enhancingsecurity.html
index 53ac9ef..1f39ee7 100644
--- a/html/selinux/hb-intro-enhancingsecurity.html
+++ b/html/selinux/hb-intro-enhancingsecurity.html
@@ -170,7 +170,7 @@ Next to the kernel support and labels assigned to the resources and support
within the authorization system, SELinux also requires particular tools to
support the SELinux features. Examples are administrative tools to view and
manipulate labels, privilege management tools (like <span class="code" dir="ltr">sudo</span>), system
-services (like HAL or SysVInit) etc. This is reflected in a set of patches
+services (like SysVInit) etc. This is reflected in a set of patches
against these (and more) tools which are not always part of the applications'
main source code.
</p>
@@ -201,7 +201,7 @@ run and manage a SELinux hardened Gentoo system.
</p>
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="alttext">Updated January 10, 2011</p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Updated May 25, 2011</p></td></tr>
<tr lang="en"><td align="center" class="topsep">
<p class="alttext"><b>Donate</b> to support our development efforts.
</p>
diff --git a/html/selinux/index.html b/html/selinux/index.html
index e1de71a..1cd3b3f 100644
--- a/html/selinux/index.html
+++ b/html/selinux/index.html
@@ -22,47 +22,62 @@
<b>Content</b>:
<select name="url" size="1" OnChange="location.href=form.url.options[form.url.selectedIndex].value" style="font-family:sans-serif,Arial,Helvetica"><option value="#doc_chap1">1. Project Description</option>
<option value="#doc_chap2">2. Project Goals</option>
-<option value="#doc_chap3">3. What is SELinux?</option>
-<option value="#doc_chap4">4. Developers</option>
-<option value="#doc_chap5">5. Contributors</option>
-<option value="#doc_chap6">6. Subprojects</option>
-<option value="#doc_chap7">7. Resources</option>
-<option value="#doc_chap8">8. How Do I Use This?</option>
-<option value="#doc_chap9">9. I Want to Participate</option></select>
+<option value="#doc_chap3">3. Developers</option>
+<option value="#doc_chap4">4. Contributors</option>
+<option value="#doc_chap5">5. Subprojects</option>
+<option value="#doc_chap6">6. Resources</option>
+<option value="#doc_chap7">7. Roadmap</option>
+<option value="#doc_chap8">8. I Want to Participate</option></select>
</form>
<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
</span>Project Description</p>
<p>
- This project manages SELinux support in Gentoo. This includes providing
- kernels with SELinux support, providing patches to userland utilities, writing
- strong Gentoo-specific default profiles, and deploying policies from Portage.
+This project manages SELinux support in Gentoo. This includes providing
+kernels with SELinux support, providing patches to userland utilities, writing
+strong Gentoo-specific default profiles, and maintaining a good default set of
+policies.
</p>
-<p class="chaphead"><a name="doc_chap2"></a><span class="chapnum">2.
- </span>Project Goals</p>
<p>
- The intention of the project is to make SELinux available to more users, and
- improving its integration.
- Policy should be available for common daemons, and files merged in from Portage
- should have the correct file context. Currently we only work on servers, but
- desktops will be supported in the future.
+<a href="http://www.nsa.gov/research/selinux/index.shtml">Security-Enhanced
+Linux</a> (SELinux) is a Mandatory Access Control system using type
+enforcement and role-based access control. It is integrated within Linux as a
+<a href="http://lsm.immunix.org/">Linux Security Module</a> (LSM)
+implementation. In addition to the kernel portion, SELinux consists of a library
+(libselinux) and userland utilities for compiling policy (checkpolicy), and loading
+policy (policycoreutils), in addition to other user programs.
</p>
-<p class="chaphead"><a name="doc_chap3"></a><span class="chapnum">3.
- </span>What is SELinux?</p>
<p>
- <a href="http://www.nsa.gov/research/selinux/index.shtml">Security-Enhanced
- Linux</a> (SELinux) is a system of mandatory access control using type
- enforcement and role-based access control. It is implemented as a <a href="http://lsm.immunix.org/">Linux Security Module</a> (LSM). In addition
- to the kernel portion, SELinux consists of a library (libselinux) and userland
- utilities for compiling policy (checkpolicy), and loading policy
- (policycoreutils), in addition to other user programs.
+One common misconception is that SELinux is a complete security solution. It is
+not. SELinux only provides access control on system objects. It can work well
+with other Hardened projects, such as PaX, for a more complete solution.
</p>
+<p class="chaphead"><a name="doc_chap2"></a><span class="chapnum">2.
+ </span>Project Goals</p>
<p>
- One common misconception is that SELinux is a complete security solution,
- however, it is not. SELinux only provides one piece of a security
- solution. It can work well with other Hardened projects, such as PaX,
- for a more complete solution.
+Our goal is to make SELinux (with Gentoo Hardened) available to more users.
+As a result, we
</p>
-<p class="chaphead"><a name="doc_chap4"></a><span class="chapnum">4.
+<ul>
+ <li>
+ develop, improve and maintain the proper documentation and learning
+ material for end users to master SELinux
+ </li>
+ <li>
+ maintain a stable yet progressive set of userland tools that are needed
+ to interoperate with SELinux on a Linux system (such as the core utilities,
+ libselinux and more)
+ </li>
+ <li>
+ focus on the integration of SELinux and SELinux-awareness within the Gentoo
+ distribution, offering the necessary feedback on Portage and other utilities
+ </li>
+ <li>
+ develop, improve and maintain a good and secure default policy, based on the
+ reference policy, so that end users have no difficulties working with and
+ enhancing SELinux within their environment
+ </li>
+</ul>
+<p class="chaphead"><a name="doc_chap3"></a><span class="chapnum">3.
</span>Developers</p>
<table class="ntable">
<tr>
@@ -77,19 +92,17 @@
</tr>
<tr>
<td class="tableinfo"></td>
- <td class="tableinfo">blueness
-</td>
+ <td class="tableinfo">blueness</td>
<td class="tableinfo">Policy development, Proxy (non developer contributors)</td>
</tr>
</table>
<p>
All developers can be reached by e-mail using <span class="code" dir="ltr">nickname@gentoo.org</span>.
</p>
-<p class="chaphead"><a name="doc_chap5"></a><span class="chapnum">5.
+<p class="chaphead"><a name="doc_chap4"></a><span class="chapnum">4.
</span>Contributors</p>
<p>
-The following people although non-developer is actively contributing with the
-project:
+The following people, although non-developer, are actively contributing to the project:
</p>
<table class="ntable">
<tr>
@@ -108,7 +121,7 @@ project:
<td class="tableinfo">Documentation writing, policy development, support</td>
</tr>
</table>
-<p class="chaphead"><a name="doc_chap6"></a><span class="chapnum">6.
+<p class="chaphead"><a name="doc_chap5"></a><span class="chapnum">5.
</span>Subprojects</p>
<p>The SELinux
project has the following subprojects:
@@ -120,98 +133,153 @@ project:
<td class="infohead"><b>Description</b></td>
</tr>
<tr>
- <td class="tableinfo">Base Policy</td>
+ <td class="tableinfo">Policy</td>
<td class="tableinfo">pebenito</td>
<td class="tableinfo">
- SELinux policy for the core system, including users, administrators, and
- daemons in the system profile.
+Develop and maintain a secure, default set of policies for the system, including
+user and role definitions, service policies and application policies.
</td>
</tr>
<tr>
- <td class="tableinfo">Daemon Policy</td>
+ <td class="tableinfo">Userland</td>
<td class="tableinfo">pebenito</td>
<td class="tableinfo">
- SELinux policies for common daemons.
+Develop and maintain the packages for SELinux userland utilities and libraries,
+including SELinux-aware patches for more general applications and libraries.
</td>
</tr>
<tr>
- <td class="tableinfo">x86</td>
+ <td class="tableinfo">Kernel</td>
<td class="tableinfo">pebenito</td>
<td class="tableinfo">
- Support for the x86 architecture.
+Integrate, improve and maintain SELinux patches in the Linux kernel for Gentoo
+Hardened.
</td>
</tr>
<tr>
- <td class="tableinfo">AMD64</td>
+ <td class="tableinfo">Documentation</td>
<td class="tableinfo">pebenito</td>
<td class="tableinfo">
- Support for the AMD64 (x86-64) architecture.
+Develop and maintain SELinux documentation specific to the Gentoo distribution
</td>
</tr>
</table>
-<p class="chaphead"><a name="doc_chap7"></a><span class="chapnum">7.
+<p class="chaphead"><a name="doc_chap6"></a><span class="chapnum">6.
</span>Resources</p>
<p>Resources offered by the
SELinux
project are:</p>
<ul>
<li>
- <a href="selinux/selinux-handbook.html">Gentoo SELinux Handbook</a>
+ <a href="selinux/selinux-handbook.html">Gentoo SELinux Handbook (including installation)</a>
</li>
<li>
<a href="selinux-faq.html">Gentoo SELinux FAQ</a>
</li>
+ <li>
+ <a href="selinux-development.html">Gentoo Hardened SELinux Development</a>
+ </li>
+ <li>
+ <a href="selinux-policy.html">Gentoo Hardened SELinux Development Policy</a>
+ </li>
</ul>
-<p class="chaphead"><a name="doc_chap8"></a><span class="chapnum">8.
- </span>How Do I Use This?</p>
+<p class="chaphead"><a name="doc_chap7"></a><span class="chapnum">7.
+ </span>Roadmap</p>
<p>
- SELinux can be installed on a new system by following the above install guide.
+The following table depics the roadmap we have in mind for the Gentoo Hardened
+SELinux project:
</p>
-<p class="chaphead"><a name="doc_chap9"></a><span class="chapnum">9.
+<table class="ntable">
+<tr>
+ <td class="infohead"><b>Milestone</b></td>
+ <td class="infohead"><b>Progress</b></td>
+
+ <td class="infohead"><b>Description</b></td>
+ <td class="infohead"><b>ETA</b></td>
+</tr>
+<tr>
+ <td class="tableinfo">Userland stabilization</td>
+ <td class="tableinfo"><span class="code-keyword">on track</span></td>
+ <td class="tableinfo">
+ Stabilize the SELinux userland utilities currently available in ~arch.
+ These utilities (and libraries) are needed to cover recent SELinux policies
+ and improve user experience within Gentoo Hardened SELinux
+ </td>
+ <td class="tableinfo">
+ 2011-05-24
+ </td>
+</tr>
+<tr>
+ <td class="tableinfo">Policy stabilization</td>
+ <td class="tableinfo"><span class="code-keyword">on track</span></td>
+ <td class="tableinfo">
+ Stabilize the SELinux policies based on upstream 2.20101213. The current
+ stable policies are not compatible with the current Gentoo stable state
+ (such as openrc support, networking/wireless and more.)
+ </td>
+ <td class="tableinfo">
+ 2011-06-07
+ </td>
+</tr>
+<tr>
+ <td class="tableinfo">Profile stabilization</td>
+ <td class="tableinfo"><span class="code-keyword">on track</span></td>
+ <td class="tableinfo">
+ Stabilize the restructured Gentoo SELinux profiles. The existing profiles
+ have proved to be a bit more daunting to manage whereas the new profiles are
+ made to be flexible yet simple to maintain.
+ </td>
+ <td class="tableinfo">
+ 2011-06-28
+ </td>
+</tr>
+</table>
+<p class="chaphead"><a name="doc_chap8"></a><span class="chapnum">8.
</span>I Want to Participate</p>
<p>
- To participate in the SELinux project first join the mailing list at
- <span class="code" dir="ltr">gentoo-hardened@gentoo.org</span>. Then ask if there are plans to support
- something that you are interested in, propose a new subproject that you are
- interested in or choose one of the planned subprojects to work on. You may talk
- to the developers and users in the IRC channel <span class="code" dir="ltr">#gentoo-hardened</span> on
- <span class="code" dir="ltr">irc.freenode.net</span> for more information or just to chat about the project
- or any subprojects. If you don't have the ability to actively help by
- contributing work we will always need testers to use and audit the SELinux
- policies. All development, testing, feedback, and productive comments will
- be greatly appreciated.
+To participate in the SELinux project first join the mailing list at
+<span class="code" dir="ltr">gentoo-hardened@gentoo.org</span>. Then ask if there are plans to support
+something that you are interested in, propose a new subproject that you are
+interested in or choose one of the planned subprojects to work on. You may talk
+to the developers and users in the IRC channel <span class="code" dir="ltr">#gentoo-hardened</span> on
+<span class="code" dir="ltr">irc.freenode.net</span> for more information or just to chat about the project
+or any subprojects. If you don't have the ability to actively help by
+contributing work we will always need testers to use and audit the SELinux
+policies. All development, testing, feedback, and productive comments will
+be greatly appreciated.
</p>
-<p class="secthead"><a name="doc_chap9_sect2">Policy Submissions</a></p>
+<p class="secthead"><a name="doc_chap8_sect2">Policy Submissions</a></p>
<p>
- The critical component of a SELinux system is having a strong policy. The
- team does its best to support as many daemons as possible. However, we cannot
- create policies for daemons with which we are unfamiliar. But we are happy
- to receive policy submissions for consideration. There are a few requirements:
+The critical component of a SELinux system is having a strong policy. The
+team does its best to support as many daemons as possible. However, we cannot
+create policies for daemons with which we are unfamiliar. But we are happy
+to receive policy submissions for consideration. There are a few requirements:
</p>
<ul>
-<li>
- Make comments (in the policy and/or bug), so we can understand changes
- from the NSA example policy.
-</li>
-<li>
- The policy should cover common installations. Please do not submit policies
- for odd or nonstandard daemon configurations.
-</li>
-<li>
- We need to know if the policy is dependent on another policy (for example
- rpcd is dependent on portmap) other than base-policy.
-</li>
-<li>
- An ebuild for the policy can also be submitted to help the developers
- integrate the policy into Portage more quickly, if it is accepted.
- See current daemon policies in Portage for example uses of the
- selinux-policy eclass.
-</li>
+ <li>
+ Make comments (in the policy and/or bug), so we can understand changes
+ from the Reference Policy example policy.
+ </li>
+ <li>
+ The policy should cover common installations. Please do not submit policies
+ for odd or nonstandard daemon configurations.
+ </li>
+ <li>
+ We need to know if the policy is dependent on another policy (for example
+ rpcd is dependent on portmap) other than base-policy.
+ </li>
+ <li>
+ An ebuild for the policy can also be submitted to help the developers
+ integrate the policy into Portage more quickly, if it is accepted.
+ See current daemon policies in Portage for example uses of the
+ selinux-policy eclass.
+ </li>
</ul>
<p>
- The policy should be submitted on <a href="http://bugs.gentoo.org/">bugzilla</a>.
- Please attach the .te and .fc files separately to the bug, not as a tarball.
- The bug should be assigned to <span class="code" dir="ltr">selinux@gentoo.org</span>.
+The policy should be submitted on <a href="http://bugs.gentoo.org/">bugzilla</a>.
+Please attach the .te and .fc files separately to the bug, not as a tarball.
+The bug should be Cc'ed to <span class="code" dir="ltr">selinux@gentoo.org</span> and will be properly
+reassigned by the team.
</p>
<br><br>
</td>
diff --git a/html/support-state.html b/html/support-state.html
new file mode 100644
index 0000000..45c51bd
--- /dev/null
+++ b/html/support-state.html
@@ -0,0 +1,264 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<link title="new" rel="stylesheet" href="http://www.gentoo.org/css/main.css" type="text/css">
+<link REL="shortcut icon" HREF="http://www.gentoo.org/favicon.ico" TYPE="image/x-icon">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/packages-gentoo-org.xml" title="Gentoo Packages">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
+<title>Gentoo Linux Documentation
+--
+ Gentoo Hardened Support State</title>
+</head>
+<body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0">
+<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr>
+<tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr>
+<td width="99%" class="content" valign="top" align="left">
+<table class="ncontent" align="center" width="90%" border="2px" cellspacing="0" cellpadding="4px"><tr><td bgcolor="#ddddff"><p class="note"><b>Disclaimer : </b>
+ This document is a work in progress and should not be considered official yet.
+ </p></td></tr></table>
+<br><h1>Gentoo Hardened Support State</h1>
+<form name="contents" action="http://www.gentoo.org">
+<b>Content</b>:
+ <select name="url" size="1" OnChange="location.href=form.url.options[form.url.selectedIndex].value" style="font-family:sans-serif,Arial,Helvetica"><option value="#doc_chap1">1. Introduction</option>
+<option value="#doc_chap2">2. Support Matrices</option></select>
+</form>
+<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
+ </span>Introduction</p>
+<p>
+The Gentoo Hardened project aims to support as many platforms as possible.
+However, this aim is restrained as we do not have access to as many platforms
+that we want (nor do we have the resources to work on all these platforms). As a
+result, support for the individual subprojects becomes limited to those
+platforms that we have access and resources to.
+</p>
+<p>
+This document gives an overview of the supported platforms and, if necessary,
+elaborates on the specific requirements in order to work with one of Gentoo
+Hardened's subprojects. Note that each subproject has its own support matrix,
+based on upstream support (which platforms are supported by the technology) and
+Gentoo Hardened (for which platforms can we run tests and validate users'
+reports and feedback).
+</p>
+<p class="chaphead"><a name="doc_chap2"></a><span class="chapnum">2.
+ </span>Support Matrices</p>
+<p class="secthead"><a name="doc_chap2_sect1">Hardened Toolchain</a></p>
+<table class="ntable">
+<tr>
+ <td class="infohead"><b>Architecture</b></td>
+ <td class="infohead"><b>Support</b></td>
+ <td class="infohead"><b>Additional notes</b></td>
+</tr>
+<tr>
+ <td class="tableinfo">x86</td>
+ <td class="tableinfo"><span class="code-keyword">In place</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">amd64 / x86_64</td>
+ <td class="tableinfo"><span class="code-keyword">In place</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">ppc</td>
+ <td class="tableinfo"><span class="code-keyword">In place</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">ppc64</td>
+ <td class="tableinfo"><span class="code-keyword">In place</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">ia64</td>
+ <td class="tableinfo"><span class="code-keyword">In place</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">arm</td>
+ <td class="tableinfo"><span class="code-variable">In progress</span></td>
+ <td class="tableinfo">Contact blueness for more information</td>
+</tr>
+<tr>
+ <td class="tableinfo">mips</td>
+ <td class="tableinfo"><span class="code-variable">In progress</span></td>
+ <td class="tableinfo">Contact blueness for more information</td>
+</tr>
+<tr>
+ <td class="tableinfo">sparc32</td>
+ <td class="tableinfo"><span class="code-comment">Unsupported</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">sparc64</td>
+ <td class="tableinfo"><span class="code-comment">Unsupported</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">s390</td>
+ <td class="tableinfo"><span class="code-comment">Unsupported</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">hppa</td>
+ <td class="tableinfo"><span class="code-comment">Unsupported</span></td>
+ <td class="tableinfo"></td>
+</tr>
+</table>
+<p class="secthead"><a name="doc_chap2_sect2">grSecurity (incl. PAX)</a></p>
+<table class="ntable">
+<tr>
+ <td class="infohead"><b>Architecture</b></td>
+ <td class="infohead"><b>Support</b></td>
+ <td class="infohead"><b>Additional notes</b></td>
+</tr>
+<tr>
+ <td class="tableinfo">x86</td>
+ <td class="tableinfo"><span class="code-constant">Yet to be determined</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">amd64 / x86_64</td>
+ <td class="tableinfo"><span class="code-constant">Yet to be determined</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">ppc</td>
+ <td class="tableinfo"><span class="code-constant">Yet to be determined</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">ppc64</td>
+ <td class="tableinfo"><span class="code-constant">Yet to be determined</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">ia64</td>
+ <td class="tableinfo"><span class="code-constant">Yet to be determined</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">arm</td>
+ <td class="tableinfo"><span class="code-constant">Yet to be determined</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">mips</td>
+ <td class="tableinfo"><span class="code-constant">Yet to be determined</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">sparc32</td>
+ <td class="tableinfo"><span class="code-constant">Yet to be determined</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">sparc64</td>
+ <td class="tableinfo"><span class="code-constant">Yet to be determined</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">s390</td>
+ <td class="tableinfo"><span class="code-constant">Yet to be determined</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">hppa</td>
+ <td class="tableinfo"><span class="code-constant">Yet to be determined</span></td>
+ <td class="tableinfo"></td>
+</tr>
+</table>
+<p class="secthead"><a name="doc_chap2_sect3">SELinux</a></p>
+<table class="ntable">
+<tr>
+ <td class="infohead"><b>Architecture</b></td>
+ <td class="infohead"><b>Support</b></td>
+ <td class="infohead"><b>Additional notes</b></td>
+</tr>
+<tr>
+ <td class="tableinfo">x86</td>
+ <td class="tableinfo"><span class="code-keyword">In place</span></td>
+ <td class="tableinfo">Still ~arch for the time being</td>
+</tr>
+<tr>
+ <td class="tableinfo">amd64 / x86_64</td>
+ <td class="tableinfo"><span class="code-keyword">In place</span></td>
+ <td class="tableinfo">Still ~arch for the time being</td>
+</tr>
+<tr>
+ <td class="tableinfo">ppc</td>
+ <td class="tableinfo"><span class="code-comment">Unsupported</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">ppc64</td>
+ <td class="tableinfo"><span class="code-comment">Unsupported</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">ia64</td>
+ <td class="tableinfo"><span class="code-comment">Unsupported</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">arm</td>
+ <td class="tableinfo"><span class="code-comment">Unsupported</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">mips</td>
+ <td class="tableinfo"><span class="code-comment">Unsupported</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">sparc32</td>
+ <td class="tableinfo"><span class="code-comment">Unsupported</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">sparc64</td>
+ <td class="tableinfo"><span class="code-comment">Unsupported</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">s390</td>
+ <td class="tableinfo"><span class="code-comment">Unsupported</span></td>
+ <td class="tableinfo"></td>
+</tr>
+<tr>
+ <td class="tableinfo">hppa</td>
+ <td class="tableinfo"><span class="code-comment">Unsupported</span></td>
+ <td class="tableinfo"></td>
+</tr>
+</table>
+<br><br>
+</td>
+<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="roadmap.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Updated May 25, 2011</p></td></tr>
+<tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
+The support state of the Gentoo Hardened project describes the supported
+platforms, setups and additional requirements for each of the subprojects
+involved.
+</p></td></tr>
+<tr><td align="left" class="topsep"><p class="alttext">
+ <a href="mailto:sven.vermeulen@siphos.be" class="altlink"><b>Sven Vermeulen</b></a>
+<br><i>Author</i><br></p></td></tr>
+<tr lang="en"><td align="center" class="topsep">
+<p class="alttext"><b>Donate</b> to support our development efforts.
+ </p>
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<input type="hidden" name="cmd" value="_xclick"><input type="hidden" name="business" value="paypal@gentoo.org"><input type="hidden" name="item_name" value="Gentoo Linux Support"><input type="hidden" name="item_number" value="1000"><input type="hidden" name="image_url" value="http://www.gentoo.org/images/paypal.png"><input type="hidden" name="no_shipping" value="1"><input type="hidden" name="return" value="http://www.gentoo.org"><input type="hidden" name="cancel_return" value="http://www.gentoo.org"><input type="image" src="http://images.paypal.com/images/x-click-but21.gif" name="submit" alt="Donate to Gentoo">
+</form>
+</td></tr>
+<tr lang="en"><td align="center"><iframe src="http://sidebar.gentoo.org" scrolling="no" width="125" height="850" frameborder="0" style="border:0px padding:0x" marginwidth="0" marginheight="0"><p>Your browser does not support iframes.</p></iframe></td></tr>
+</table></td>
+</tr></table></td></tr>
+<tr><td colspan="2" align="right" class="infohead">
+Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
+</td></tr>
+</table></body>
+</html>
next reply other threads:[~2011-05-24 20:39 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-24 20:39 Sven Vermeulen [this message]
-- strict thread matches above, loose matches on Subject: below --
2012-04-28 19:23 [gentoo-commits] proj/hardened-docs:master commit in: html/, html/selinux/ Francisco Blas Izquierdo Riera
2011-10-15 13:05 Sven Vermeulen
2011-09-04 19:54 Sven Vermeulen
2011-08-24 21:10 Sven Vermeulen
2011-05-15 9:11 Sven Vermeulen
2011-04-22 22:35 Sven Vermeulen
2011-04-22 19:18 Sven Vermeulen
2011-02-19 3:45 Francisco Blas Izquierdo Riera
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3e160946c1c040608a82ccb115c198cbdbc297b2.SwifT@gentoo \
--to=sven.vermeulen@siphos.be \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox