public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] proj/hardened-docs:master commit in: html/, xml/
@ 2011-02-06 15:43 Francisco Blas Izquierdo Riera
  0 siblings, 0 replies; 4+ messages in thread
From: Francisco Blas Izquierdo Riera @ 2011-02-06 15:43 UTC (permalink / raw
  To: gentoo-commits

commit:     d92fb6da68771f6c927936e01abbf31274743454
Author:     klondike <klondike <AT> xiscosoft <DOT> es>
AuthorDate: Sun Feb  6 15:42:43 2011 +0000
Commit:     Francisco Blas Izquierdo Riera <klondike <AT> xiscosoft <DOT> es>
CommitDate: Sun Feb  6 15:42:43 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=d92fb6da

Odd review was not fixed?

---
 html/roadmap.html |    8 ++++----
 xml/roadmap.xml   |    8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/html/roadmap.html b/html/roadmap.html
index a671533..5925cf0 100644
--- a/html/roadmap.html
+++ b/html/roadmap.html
@@ -199,25 +199,25 @@ run.
   </tr>
   <tr>
     <td class="tableinfo">3.6.X</td>
-<td class="tableinfo">Ye</td>
+<td class="tableinfo">Yes</td>
 <td class="tableinfo">Yes</td>
 <td class="tableinfo">x86 amd64</td>
   </tr>
   <tr>
     <td class="tableinfo">4.3.X</td>
-<td class="tableinfo">Ye</td>
+<td class="tableinfo">Yes</td>
 <td class="tableinfo">Yes</td>
 <td class="tableinfo">x86 amd64</td>
   </tr>
   <tr>
     <td class="tableinfo">4.4.X</td>
-<td class="tableinfo">Ye</td>
+<td class="tableinfo">Yes</td>
 <td class="tableinfo">Yes</td>
 <td class="tableinfo">x86 amd64 arm ppc ppc64 ia64</td>
   </tr>
   <tr>
     <td class="tableinfo">4.5.X</td>
-<td class="tableinfo">Ye</td>
+<td class="tableinfo">Yes</td>
 <td class="tableinfo">Yes</td>
 <td class="tableinfo">x86 amd64 arm ppc ppc64 ia64</td>
   </tr>
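Review bot: The first row touched here still reads "3.6.X" as a GCC version (the column is headed "GCC version" in xml/roadmap.xml). GCC release numbering went from 3.4 to 4.0, so this looks like a second typo in the same row. Please confirm the intended version and correct it in both files while the "Ye" cells are being fixed.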

diff --git a/xml/roadmap.xml b/xml/roadmap.xml
index 79ed774..e9cc26a 100644
--- a/xml/roadmap.xml
+++ b/xml/roadmap.xml
@@ -258,16 +258,16 @@ run.
     <th>GCC version</th><th>Support PIE</th><th>Support SSP</th><th>Arch</th>
   </tr>
   <tr>
-    <ti>3.6.X</ti><ti>Ye</ti><ti>Yes</ti><ti>x86 amd64</ti>
+    <ti>3.6.X</ti><ti>Yes</ti><ti>Yes</ti><ti>x86 amd64</ti>
   </tr>
   <tr>
-    <ti>4.3.X</ti><ti>Ye</ti><ti>Yes</ti><ti>x86 amd64</ti>
+    <ti>4.3.X</ti><ti>Yes</ti><ti>Yes</ti><ti>x86 amd64</ti>
   </tr>
   <tr>
-    <ti>4.4.X</ti><ti>Ye</ti><ti>Yes</ti><ti>x86 amd64 arm ppc ppc64 ia64</ti>
+    <ti>4.4.X</ti><ti>Yes</ti><ti>Yes</ti><ti>x86 amd64 arm ppc ppc64 ia64</ti>
   </tr>
   <tr>
-    <ti>4.5.X</ti><ti>Ye</ti><ti>Yes</ti><ti>x86 amd64 arm ppc ppc64 ia64</ti>
+    <ti>4.5.X</ti><ti>Yes</ti><ti>Yes</ti><ti>x86 amd64 arm ppc ppc64 ia64</ti>
   </tr>
 </table>
 




* [gentoo-commits] proj/hardened-docs:master commit in: html/, xml/
@ 2011-02-18  7:10 Francisco Blas Izquierdo Riera
  0 siblings, 0 replies; 4+ messages in thread
From: Francisco Blas Izquierdo Riera @ 2011-02-18  7:10 UTC (permalink / raw
  To: gentoo-commits

commit:     41a5e07255359938c67683a5bbf0bbf98b7376ea
Author:     klondike <klondike <AT> xiscosoft <DOT> es>
AuthorDate: Fri Feb 18 07:10:06 2011 +0000
Commit:     Francisco Blas Izquierdo Riera <klondike <AT> xiscosoft <DOT> es>
CommitDate: Fri Feb 18 07:10:06 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=41a5e072

Forgot to add some input marks.

---
 html/hardenedfaq.html |   14 +++++++-------
 xml/hardenedfaq.xml   |   14 +++++++-------
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/html/hardenedfaq.html b/html/hardenedfaq.html
index 3ecd556..381fafc 100644
--- a/html/hardenedfaq.html
+++ b/html/hardenedfaq.html
@@ -135,7 +135,7 @@ You can use <span class="code" dir="ltr">gcc-config</span> to accomplish this:
 <a name="doc_chap2_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
 <tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing2.1: Example gcc-config output</p></td></tr>
 <tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
-# gcc-config -l 
+# <span class="code-input">gcc-config -l</span>
  [1] x86_64-pc-linux-gnu-4.4.4 *
  [2] x86_64-pc-linux-gnu-4.4.4-hardenednopie
  [3] x86_64-pc-linux-gnu-4.4.4-hardenednopiessp
@@ -143,13 +143,13 @@ You can use <span class="code" dir="ltr">gcc-config</span> to accomplish this:
  [5] x86_64-pc-linux-gnu-4.4.4-vanilla
  
 <span class="code-comment">To turn off PIE building switch to the hardenednopie profile:</span>
-# gcc-config x86_64-pc-linux-gnu-4.4.4-hardenednopie
+# <span class="code-input">gcc-config x86_64-pc-linux-gnu-4.4.4-hardenednopie</span>
 <span class="code-comment">To turn off SSP building switch to the hardenednossp profile:</span>
-# gcc-config x86_64-pc-linux-gnu-4.4.4-hardenednossp
+# <span class="code-input">gcc-config x86_64-pc-linux-gnu-4.4.4-hardenednossp</span>
 <span class="code-comment">To turn off SSP and PIE building switch to the hardenednopiessp profile:</span>
-# gcc-config x86_64-pc-linux-gnu-4.4.4-hardenednopiessp
+# <span class="code-input">gcc-config x86_64-pc-linux-gnu-4.4.4-hardenednopiessp</span>
 <span class="code-comment">To turn off all hardened building switch to the vanilla profile:</span>
-# gcc-config x86_64-pc-linux-gnu-4.4.4-vanilla
+# <span class="code-input">gcc-config x86_64-pc-linux-gnu-4.4.4-vanilla</span>
 </pre></td></tr>
 </table>
 <table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#bbffbb"><p class="note"><b>Note: </b>
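Review bot: Every command marked as input in this listing weakens the toolchain (no PIE, no SSP, both off, vanilla), and the listing ends without a command to return to the hardened profile. Consider closing it with a comment and a "gcc-config x86_64-pc-linux-gnu-4.4.4" line, as the later "Switch to hardened toolchain" listing does, so a reader who copies one of these for a single package build is told how to switch back afterwards.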
@@ -262,14 +262,14 @@ toolchain so that you have a consistent base:
 <tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
 # <span class="code-input">emerge --oneshot binutils gcc virtual/libc</span>
 <span class="code-comment">Make sure the hardened toolchain is being used (gcc version may vary):</span>
-# gcc-config -l 
+# <span class="code-input">gcc-config -l</span>
  [1] x86_64-pc-linux-gnu-4.4.4 *
  [2] x86_64-pc-linux-gnu-4.4.4-hardenednopie
  [3] x86_64-pc-linux-gnu-4.4.4-hardenednopiessp
  [4] x86_64-pc-linux-gnu-4.4.4-hardenednossp
  [5] x86_64-pc-linux-gnu-4.4.4-vanilla
 <span class="code-comment">If the hardened version isn't chosen select it</span>
-# gcc-config x86_64-pc-linux-gnu-4.4.4
+# <span class="code-input">gcc-config x86_64-pc-linux-gnu-4.4.4</span>
 <span class="code-comment">Keep emerging the system</span>
 # <span class="code-input">emerge -e --keep-going system</span>
 # <span class="code-input">emerge -e --keep-going world</span>
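Review bot: Style point on the comment lines around the changed commands: "Make sure the hardened toolchain is being used (gcc version may vary):" ends with a colon, while "If the hardened version isn't chosen select it" and "Keep emerging the system" have no closing punctuation. Since these lines are being touched for markup consistency anyway, ending all three the same way would make the listing read uniformly.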

diff --git a/xml/hardenedfaq.xml b/xml/hardenedfaq.xml
index f17ca22..a424dfb 100644
--- a/xml/hardenedfaq.xml
+++ b/xml/hardenedfaq.xml
@@ -143,7 +143,7 @@ off and on of the toolchain. To access the specs as the end user you can use the
 You can use <c>gcc-config</c> to accomplish this:
 </p>
 <pre caption="Example gcc-config output">
-# gcc-config -l 
+# <i>gcc-config -l</i>
  [1] x86_64-pc-linux-gnu-4.4.4 *
  [2] x86_64-pc-linux-gnu-4.4.4-hardenednopie
  [3] x86_64-pc-linux-gnu-4.4.4-hardenednopiessp
@@ -151,13 +151,13 @@ You can use <c>gcc-config</c> to accomplish this:
  [5] x86_64-pc-linux-gnu-4.4.4-vanilla
  
 <comment>To turn off PIE building switch to the hardenednopie profile:</comment>
-# gcc-config x86_64-pc-linux-gnu-4.4.4-hardenednopie
+# <i>gcc-config x86_64-pc-linux-gnu-4.4.4-hardenednopie</i>
 <comment>To turn off SSP building switch to the hardenednossp profile:</comment>
-# gcc-config x86_64-pc-linux-gnu-4.4.4-hardenednossp
+# <i>gcc-config x86_64-pc-linux-gnu-4.4.4-hardenednossp</i>
 <comment>To turn off SSP and PIE building switch to the hardenednopiessp profile:</comment>
-# gcc-config x86_64-pc-linux-gnu-4.4.4-hardenednopiessp
+# <i>gcc-config x86_64-pc-linux-gnu-4.4.4-hardenednopiessp</i>
 <comment>To turn off all hardened building switch to the vanilla profile:</comment>
-# gcc-config x86_64-pc-linux-gnu-4.4.4-vanilla
+# <i>gcc-config x86_64-pc-linux-gnu-4.4.4-vanilla</i>
 </pre>
 
 <note>
@@ -301,14 +301,14 @@ toolchain so that you have a consistent base:
 <pre caption="Switch to hardened toolchain">
 # <i>emerge --oneshot binutils gcc virtual/libc</i>
 <comment>Make sure the hardened toolchain is being used (gcc version may vary):</comment>
-# gcc-config -l 
+# <i>gcc-config -l</i>
  [1] x86_64-pc-linux-gnu-4.4.4 *
  [2] x86_64-pc-linux-gnu-4.4.4-hardenednopie
  [3] x86_64-pc-linux-gnu-4.4.4-hardenednopiessp
  [4] x86_64-pc-linux-gnu-4.4.4-hardenednossp
  [5] x86_64-pc-linux-gnu-4.4.4-vanilla
 <comment>If the hardened version isn't chosen select it</comment>
-# gcc-config x86_64-pc-linux-gnu-4.4.4
+# <i>gcc-config x86_64-pc-linux-gnu-4.4.4</i>
 <comment>Keep emerging the system</comment>
 # <i>emerge -e --keep-going system</i>
 # <i>emerge -e --keep-going world</i>
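Review bot: The two "emerge -e --keep-going" lines at the end of this listing continue past build failures, so any package that fails to rebuild stays compiled with the previous, non-hardened toolchain and the reader is not told to look for that. A short comment after the last command asking the reader to review the list of failed packages emerge prints at the end, and to rebuild them, would keep the "consistent base" promise made in the text above the listing.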




* [gentoo-commits] proj/hardened-docs:master commit in: html/, xml/
@ 2011-06-01 19:57 Sven Vermeulen
  0 siblings, 0 replies; 4+ messages in thread
From: Sven Vermeulen @ 2011-06-01 19:57 UTC (permalink / raw
  To: gentoo-commits

commit:     2deed23dc3797c4e467d351bb48a14375f48b15f
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Jun  1 19:57:53 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Wed Jun  1 19:57:53 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=2deed23d

Update roadmap, update previews

---
 html/roadmap.html     |   16 +++++++++++++++-
 html/selinux-faq.html |    9 +++++----
 xml/roadmap.xml       |   16 +++++++++++++++-
 3 files changed, 35 insertions(+), 6 deletions(-)

diff --git a/html/roadmap.html b/html/roadmap.html
index 1f74223..8a3e0e1 100644
--- a/html/roadmap.html
+++ b/html/roadmap.html
@@ -274,7 +274,7 @@ is being updated as the state evolves, but can still improve.
 <tr>
   <td class="tableinfo">Stabilize the userland tools and libraries</td>
   <td class="tableinfo">2011-05-24</td>
-  <td class="tableinfo"><span class="code-variable">Slight delay</span></td>
+  <td class="tableinfo">Done</td>
   <td class="tableinfo">blueness, SwifT</td>
   <td class="tableinfo"></td>
 </tr>
@@ -288,12 +288,26 @@ is being updated as the state evolves, but can still improve.
   <td class="tableinfo"><a href="https://bugs.gentoo.org/368199">#368199</a></td>
 </tr>
 <tr>
+  <td class="tableinfo">Improve QA on SELinux packages (f.i. migrate patchbundles away from filesdir)</td>
+  <td class="tableinfo">2011-06-14</td>
+  <td class="tableinfo"><span class="code-keyword">On track</span></td>
+  <td class="tableinfo">SwifT</td>
+  <td class="tableinfo"></td>
+</tr>
+<tr>
   <td class="tableinfo">Stabilize the new SELinux profile structure</td>
   <td class="tableinfo">2011-06-28</td>
   <td class="tableinfo"><span class="code-keyword">On track</span></td>
   <td class="tableinfo">blueness</td>
   <td class="tableinfo"><a href="https://bugs.gentoo.org/365483">#365483</a></td>
 </tr>
+<tr>
+  <td class="tableinfo">Add support for MCS (driver is virtualization)</td>
+  <td class="tableinfo">2011-07-15</td>
+  <td class="tableinfo"><span class="code-keyword">On track</span></td>
+  <td class="tableinfo">SwifT</td>
+  <td class="tableinfo"></td>
+</tr>
 </table>
 <br><br>
 </td>
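Review bot: The new row "Improve QA on SELinux packages (f.i. migrate patchbundles away from filesdir)" uses the abbreviation "f.i.", which many readers will not recognise; "e.g." or "for instance" reads more clearly. The other new row, "Add support for MCS (driver is virtualization)", would also benefit from expanding MCS on first use, since the abbreviation is not explained anywhere in the visible table.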

diff --git a/html/selinux-faq.html b/html/selinux-faq.html
index 3a94091..f202d8b 100644
--- a/html/selinux-faq.html
+++ b/html/selinux-faq.html
@@ -129,9 +129,10 @@ like we will eventually support these file systems on SELinux fully as well.
 </p>
 <p class="secthead"><a name="nomultilib"></a><a name="doc_chap2_sect6">Can I use SELinux with AMD64 no-multilib?</a></p>
 <p>
-Theoretically, definitely. However, the current selinux profiles in the Portage
-tree are not no-multilib capable. Work is on the way however to make the
-profiles more flexible and support no-multilib soon.
+Yes. However, for the time being, it is only supported through developer
+profiles, meaning that the profiles should not be seen as very stable (their
+content can still change swiftly). Try out
+<span class="code" dir="ltr">hardened/linux/amd64/no-multilib/selinux</span> and tell us what you get.
 </p>
 <p class="secthead"><a name="ubac"></a><a name="doc_chap2_sect7">What is UBAC exactly?</a></p>
 <p>
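Review bot: The new answer ends with "tell us what you get" but gives no channel for the report. Since the same answer warns that the developer profiles "should not be seen as very stable", please say where feedback should go (bug tracker, mailing list or IRC) so problems with hardened/linux/amd64/no-multilib/selinux are actually collected. Note also that this commit changes html/selinux-faq.html only; if the xml source was not updated separately, the two will diverge.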
@@ -470,7 +471,7 @@ Another fix would be to disable UBAC completely. This is accomplished with
 </td>
 <td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
 <tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="selinux-faq.xml?style=printable">Print</a></p></td></tr>
-<tr><td class="topsep" align="center"><p class="alttext">Updated May 14, 2011</p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Updated June 1, 2011</p></td></tr>
 <tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
 Frequently Asked Questions on SELinux integration with Gentoo Hardened.
 The FAQ is a collection of solutions found on IRC, mailinglist, forums or 

diff --git a/xml/roadmap.xml b/xml/roadmap.xml
index e9d8839..d6ef1aa 100644
--- a/xml/roadmap.xml
+++ b/xml/roadmap.xml
@@ -416,7 +416,7 @@ is being updated as the state evolves, but can still improve.
 <tr>
   <ti>Stabilize the userland tools and libraries</ti>
   <ti>2011-05-24</ti>
-  <ti><var>Slight delay</var></ti>
+  <ti>Done</ti>
   <ti>blueness, SwifT</ti>
   <ti />
 </tr>
@@ -430,12 +430,26 @@ is being updated as the state evolves, but can still improve.
   <ti><uri link="https://bugs.gentoo.org/368199">#368199</uri></ti>
 </tr>
 <tr>
+  <ti>Improve QA on SELinux packages (f.i. migrate patchbundles away from filesdir)</ti>
+  <ti>2011-06-14</ti>
+  <ti><keyword>On track</keyword></ti>
+  <ti>SwifT</ti>
+  <ti />
+</tr>
+<tr>
   <ti>Stabilize the new SELinux profile structure</ti>
   <ti>2011-06-28</ti>
   <ti><keyword>On track</keyword></ti>
   <ti>blueness</ti>
   <ti><uri link="https://bugs.gentoo.org/365483">#365483</uri></ti>
 </tr>
+<tr>
+  <ti>Add support for MCS (driver is virtualization)</ti>
+  <ti>2011-07-15</ti>
+  <ti><keyword>On track</keyword></ti>
+  <ti>SwifT</ti>
+  <ti></ti>
+</tr>
 </table>
 
 </body>
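Review bot: The last cell of the new MCS row is written as "<ti></ti>", while the other row added in this hunk and the existing "Stabilize the userland tools and libraries" row use "<ti />" for an empty cell. Use the self-closing form here as well so the table stays consistent.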




* [gentoo-commits] proj/hardened-docs:master commit in: html/, xml/
@ 2013-04-17 19:52 Michael Palimaka
  0 siblings, 0 replies; 4+ messages in thread
From: Michael Palimaka @ 2013-04-17 19:52 UTC (permalink / raw
  To: gentoo-commits

commit:     fb010c56f2e220404d281dfeef0eb90cff66ad45
Author:     Michael Palimaka <kensington <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 17 19:50:14 2013 +0000
Commit:     Michael Palimaka <kensington <AT> gentoo <DOT> org>
CommitDate: Wed Apr 17 19:50:14 2013 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=fb010c56

AppArmor guide has been moved to the wiki.

---
 html/apparmor.html |  222 ----------------------------------------------------
 xml/apparmor.xml   |  204 -----------------------------------------------
 2 files changed, 0 insertions(+), 426 deletions(-)

diff --git a/html/apparmor.html b/html/apparmor.html
deleted file mode 100644
index 291adb9..0000000
--- a/html/apparmor.html
+++ /dev/null
@@ -1,222 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html lang="en">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-<link title="new" rel="stylesheet" href="http://www.gentoo.org/css/main.css" type="text/css">
-<link REL="shortcut icon" HREF="http://www.gentoo.org/favicon.ico" TYPE="image/x-icon">
-<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website">
-<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums">
-<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla">
-<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/packages-gentoo-org.xml" title="Gentoo Packages">
-<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
-<title>Gentoo Linux Documentation
---
-  Gentoo AppArmor Guide</title>
-</head>
-<body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0">
-<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr>
-<tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr>
-<td width="99%" class="content" valign="top" align="left">
-<table class="ncontent" align="center" width="90%" border="2px" cellspacing="0" cellpadding="4px"><tr><td bgcolor="#ddddff"><p class="note"><b>Disclaimer : </b>
-    This document is a work in progress and should not be considered official yet.
-  </p></td></tr></table>
-<br><h1>Gentoo AppArmor Guide</h1>
-<form name="contents" action="http://www.gentoo.org">
-<b>Content</b>:
-        <select name="url" size="1" OnChange="location.href=form.url.options[form.url.selectedIndex].value" style="font-family:sans-serif,Arial,Helvetica"><option value="#doc_chap1">1. Introduction</option>
-<option value="#doc_chap2">2. Initial setup</option>
-<option value="#doc_chap3">3. Working with profiles</option></select>
-</form>
-<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
-            </span>Introduction</p>
-<p>
-AppArmor is a Linux Security Module implementation, working around the concept of adding rules to file paths.
-</p>
-<p>
-For each file path you specify, AppArmor will permit it only the permissions you grant.
-</p>
-<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
-<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Sample profile</p></td></tr>
-<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
-# ------------------------------------------------------------------
-#    Copyright (C) 2002-2009 Novell/SUSE
-#    Copyright (C) 2010 Canonical Ltd.
-#
-#    This program is free software; you can redistribute it and/or
-#    modify it under the terms of version 2 of the GNU General Public
-#    License published by the Free Software Foundation.
-# ------------------------------------------------------------------
-
-#include &lt;tunables/global&gt;
-
-/sbin/klogd {
-  #include &lt;abstractions/base&gt;
-
-  capability sys_admin, # for backward compatibility with kernel &lt;= 2.6.37
-  capability syslog,
-
-  network inet stream,
-
-  /boot/System.map*     r,
-  @{PROC}/kmsg          r,
-  @{PROC}/kallsyms      r,
-  /dev/tty              rw,
-
-  /sbin/klogd           rmix,
-  /var/log/boot.msg     rwl,
-  /{,var/}run/klogd.pid    krwl,
-  /{,var/}run/klogd/klogd.pid krwl,
-  /{,var/}run/klogd/kmsg   r,
-}
-</pre></td></tr>
-</table>
-<p class="chaphead"><a name="doc_chap2"></a><span class="chapnum">2.
-            </span>Initial setup</p>
-<p class="secthead"><a name="doc_chap2_sect1">Kernel patching</a></p>
-<p>
-From Linux 3.4, improved AppArmor support has been merged into the kernel. For the best experience, however,
-it is recommended to patch your kernel with additional support. Without patching, it will only be possible to activate
-profiles - deactivation, listing, init script etc. will not work.
-</p>
-<p>
-The required patches are included in the AppArmor tarball. If you are using a grsec enabled kernel, such as <span class="code" dir="ltr">hardened-sources</span>,
-the patches will not cleanly apply. For convenience, a rebased version of the patches is
-<a href="https://github.com/kensington/apparmor-grsec/tarball/master">available</a>.
-</p>
-<p class="secthead"><a name="doc_chap2_sect2">Install utilities</a></p>
-<p>
-The AppArmor userspace utilities currently live in the
-<a href="http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=summary">Hardened development overlay</a>.
-You should install layman, and then add the <span class="code" dir="ltr">hardened-dev</span> overlay:
-
-<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
-<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Install userspace utilities</p></td></tr>
-<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
-# <span class="code-input">layman -a hardened-dev</span>
-# <span class="code-input">emerge apparmor-utils</span>
-<span class="code-comment">You will probably also wish to install some profiles to get started:</span>
-# <span class="code-input">emerge apparmor-profiles</span>
-</pre></td></tr>
-</table>
-
-</p>
-<p class="secthead"><a name="doc_chap2_sect3">Further configuration</a></p>
-<p>
-You may wish to edit the configuation files located in <span class="code" dir="ltr">/etc/apparmor</span>, however
-the default values will suit most users.
-</p>
-<p class="chaphead"><a name="doc_chap3"></a><span class="chapnum">3.
-            </span>Working with profiles</p>
-<p>
-Profiles are stored as simple text files in <span class="code" dir="ltr">/etc/apparmor.d</span>. They may take any name, and may be stored
-in subdirectories - you may organise them however it suits you.
-</p>
-<a name="doc_chap3_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
-<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing3.1: Sample profile directory listing</p></td></tr>
-<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
-/etc/apparmor.d $ <span class="code-input">ls</span>
-abstractions  program-chunks  usr.lib.apache2.mpm-prefork.apache2  usr.lib.dovecot.managesieve-login  usr.sbin.dovecot  usr.sbin.nscd
-apache2.d     sbin.klogd      usr.lib.dovecot.deliver              usr.lib.dovecot.pop3               usr.sbin.identd   usr.sbin.ntpd
-bin.ping      sbin.syslog-ng  usr.lib.dovecot.dovecot-auth         usr.lib.dovecot.pop3-login         usr.sbin.lspci    usr.sbin.smbd
-disable       sbin.syslogd    usr.lib.dovecot.imap                 usr.sbin.avahi-daemon              usr.sbin.mdnsd    usr.sbin.smbldap-useradd
-local         tunables        usr.lib.dovecot.imap-login           usr.sbin.dnsmasq                   usr.sbin.nmbd     usr.sbin.traceroute
-</pre></td></tr>
-</table>
-<p>
-Profiles are referred to by name, including any parent subdirectories if present.
-</p>
-<p class="secthead"><a name="doc_chap3_sect2">Manual control</a></p>
-<p>
-To activate a profile, simply set it to enforce mode.
-<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
-<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Manual profile activation</p></td></tr>
-<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
-# <span class="code-input">aa-enforce usr.sbin.dnsmasq</span>
-Setting /etc/apparmor.d/usr.sbin.dnsmasq to enforce mode.
-</pre></td></tr>
-</table>
-</p>
-<p>
-Similarly, to deactive a profile, simply set it to complain mode.
-<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
-<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Manual profile deactivation</p></td></tr>
-<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
-# <span class="code-input">aa-complain usr.sbin.dnsmasq</span>
-Setting /etc/apparmor.d/usr.sbin.dnsmasq to complain mode.
-</pre></td></tr>
-</table>
-</p>
-<p>
-The current status of your profiles may be viewed using <span class="code" dir="ltr">aa-status</span>.
-<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
-<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Profile status listing</p></td></tr>
-<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
-# <span class="code-input">aa-status</span>
-apparmor module is loaded.
-6 profiles are loaded.
-5 profiles are in enforce mode.
-   /bin/ping
-   /sbin/klogd
-   /sbin/syslog-ng
-   /usr/sbin/dnsmasq
-   /usr/sbin/identd
-1 profiles are in complain mode.
-   /usr/sbin/lspci
-1 processes have profiles defined.
-1 processes are in enforce mode.
-   /usr/sbin/dnsmasq (12905)
-0 processes are in complain mode.
-0 processes are unconfined but have a profile defined.
-</pre></td></tr>
-</table>
-</p>
-<p class="secthead"><a name="doc_chap3_sect3">Automatic control</a></p>
-<p>
-The provided init script will automatically load all profiles located in your profile directory.
-Unless specifically specified otherwise, each profile will be loaded in enforce mode.
-</p>
-<br><p class="copyright">
-	The contents of this document, unless otherwise expressly stated, are
-	licensed under the <a href="http://creativecommons.org/licenses/by-sa/3.0">CC-BY-SA-3.0</a> license. The <a href="http://www.gentoo.org/main/en/name-logo.xml"> Gentoo Name and Logo Usage Guidelines </a> apply.
-  </p>
-<!--
-  <rdf:RDF xmlns="http://web.resource.org/cc/"
-      xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
-  
-  <License rdf:about="http://creativecommons.org/licenses/by-sa/3.0/">
-    
-     <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
-     <permits rdf:resource="http://web.resource.org/cc/Distribution" />
-     <requires rdf:resource="http://web.resource.org/cc/Notice" />
-     <requires rdf:resource="http://web.resource.org/cc/Attribution" />
-     <permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
-     <requires rdf:resource="http://web.resource.org/cc/ShareAlike" />
-  </License>
-  </rdf:RDF>
---><br>
-</td>
-<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="apparmor.xml?style=printable">Print</a></p></td></tr>
-<tr><td class="topsep" align="center"><p class="alttext">Page updated July 10, 2012</p></td></tr>
-<tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
-This guide provides a brief overview of AppArmor, and gives information
-on how to install and configure it on Gentoo.
-</p></td></tr>
-<tr><td align="left" class="topsep"><p class="alttext">
-    <a href="mailto:kensington@gentoo.org" class="altlink"><b>Michael Palimaka</b></a>
-<br><i>Author</i><br></p></td></tr>
-<tr lang="en"><td align="center" class="topsep">
-<p class="alttext"><b>Donate</b> to support our development efforts.
-        </p>
-<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
-<input type="hidden" name="cmd" value="_xclick"><input type="hidden" name="business" value="paypal@gentoo.org"><input type="hidden" name="item_name" value="Gentoo Linux Support"><input type="hidden" name="item_number" value="1000"><input type="hidden" name="image_url" value="http://www.gentoo.org/images/paypal.png"><input type="hidden" name="no_shipping" value="1"><input type="hidden" name="return" value="http://www.gentoo.org"><input type="hidden" name="cancel_return" value="http://www.gentoo.org"><input type="image" src="http://images.paypal.com/images/x-click-but21.gif" name="submit" alt="Donate to Gentoo">
-</form>
-</td></tr>
-<tr lang="en"><td align="center"><iframe src="http://sidebar.gentoo.org" scrolling="no" width="125" height="850" frameborder="0" style="border:0px padding:0x" marginwidth="0" marginheight="0"><p>Your browser does not support iframes.</p></iframe></td></tr>
-</table></td>
-</tr></table></td></tr>
-<tr><td colspan="2" align="right" class="infohead">
-Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
-</td></tr>
-</table></body>
-</html>
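Review bot: The page is removed outright and the commit has 0 insertions, so nothing in the repository points readers to the new location. The commit message says the guide has been moved to the wiki but does not give the URL; please add the wiki link to the commit message or leave a short stub or index entry that links there, so existing links to apparmor.html do not simply go dead.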

diff --git a/xml/apparmor.xml b/xml/apparmor.xml
deleted file mode 100644
index 032f1f3..0000000
--- a/xml/apparmor.xml
+++ /dev/null
@@ -1,204 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
-<!-- $Header$ -->
-
-<guide disclaimer="draft" link="apparmor.xml" lang="en">
-<title>Gentoo AppArmor Guide</title>
-
-<author title="Author">
-    <mail link="kensington@gentoo.org">Michael Palimaka</mail>
-</author>
-
-<abstract>
-This guide provides a brief overview of AppArmor, and gives information
-on how to install and configure it on Gentoo.
-</abstract>
-
-<!-- The content of this document is licensed under the CC-BY-SA license -->
-<!-- See http://creativecommons.org/licenses/by-sa/3.0 -->
-<license version="3.0"/>
-
-<version>1</version>
-<date>2012-07-10</date>
-
-<chapter>
-<title>Introduction</title>
-
-<section>
-<body>
-<p>
-AppArmor is a Linux Security Module implementation, working around the concept of adding rules to file paths.
-</p>
-<p>
-For each file path you specify, AppArmor will permit it only the permissions you grant.
-</p>
-<pre caption="Sample profile">
-# ------------------------------------------------------------------
-#    Copyright (C) 2002-2009 Novell/SUSE
-#    Copyright (C) 2010 Canonical Ltd.
-#
-#    This program is free software; you can redistribute it and/or
-#    modify it under the terms of version 2 of the GNU General Public
-#    License published by the Free Software Foundation.
-# ------------------------------------------------------------------
-
-#include &lt;tunables/global&gt;
-
-/sbin/klogd {
-  #include &lt;abstractions/base&gt;
-
-  capability sys_admin, # for backward compatibility with kernel &lt;= 2.6.37
-  capability syslog,
-
-  network inet stream,
-
-  /boot/System.map*     r,
-  @{PROC}/kmsg          r,
-  @{PROC}/kallsyms      r,
-  /dev/tty              rw,
-
-  /sbin/klogd           rmix,
-  /var/log/boot.msg     rwl,
-  /{,var/}run/klogd.pid    krwl,
-  /{,var/}run/klogd/klogd.pid krwl,
-  /{,var/}run/klogd/kmsg   r,
-}
-</pre>
-</body>
-</section>
-
-</chapter>
-
-<chapter>
-<title>Initial setup</title>
-
-<section>
-<title>Kernel patching</title>
-<body>
-<p>
-From Linux 3.4, improved AppArmor support has been merged into the kernel. For the best experience, however,
-it is recommended to patch your kernel with additional support. Without patching, it will only be possible to activate
-profiles - deactivation, listing, init script etc. will not work.
-</p>
-<p>
-The required patches are included in the AppArmor tarball. If you are using a grsec enabled kernel, such as <c>hardened-sources</c>,
-the patches will not cleanly apply. For convenience, a rebased version of the patches is
-<uri link="https://github.com/kensington/apparmor-grsec/tarball/master">available</uri>.
-</p>
-</body>
-</section>
-
-<section>
-<title>Install utilities</title>
-<body>
-<p>
-The AppArmor userspace utilities currently live in the
-<uri link="http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=summary">Hardened development overlay</uri>.
-You should install layman, and then add the <c>hardened-dev</c> overlay:
-
-<pre caption="Install userspace utilities">
-# <i>layman -a hardened-dev</i>
-# <i>emerge apparmor-utils</i>
-<comment>You will probably also wish to install some profiles to get started:</comment>
-# <i>emerge apparmor-profiles</i>
-</pre>
-
-</p>
-</body>
-</section>
-
-<section>
-<title>Further configuration</title>
-<body>
-<p>
-You may wish to edit the configuation files located in <c>/etc/apparmor</c>, however
-the default values will suit most users.
-</p>
-</body>
-</section>
-
-</chapter>
-
-<chapter>
-<title>Working with profiles</title>
-
-<section>
-<body>
-<p>
-Profiles are stored as simple text files in <c>/etc/apparmor.d</c>. They may take any name, and may be stored
-in subdirectories - you may organise them however it suits you.
-</p>
-
-<pre caption="Sample profile directory listing">
-/etc/apparmor.d $ <i>ls</i>
-abstractions  program-chunks  usr.lib.apache2.mpm-prefork.apache2  usr.lib.dovecot.managesieve-login  usr.sbin.dovecot  usr.sbin.nscd
-apache2.d     sbin.klogd      usr.lib.dovecot.deliver              usr.lib.dovecot.pop3               usr.sbin.identd   usr.sbin.ntpd
-bin.ping      sbin.syslog-ng  usr.lib.dovecot.dovecot-auth         usr.lib.dovecot.pop3-login         usr.sbin.lspci    usr.sbin.smbd
-disable       sbin.syslogd    usr.lib.dovecot.imap                 usr.sbin.avahi-daemon              usr.sbin.mdnsd    usr.sbin.smbldap-useradd
-local         tunables        usr.lib.dovecot.imap-login           usr.sbin.dnsmasq                   usr.sbin.nmbd     usr.sbin.traceroute
-</pre>
-
-<p>
-Profiles are referred to by name, including any parent subdirectories if present.
-</p>
-</body>
-</section>
-
-<section>
-<title>Manual control</title>
-<body>
-
-<p>
-To activate a profile, simply set it to enforce mode.
-<pre caption="Manual profile activation">
-# <i>aa-enforce usr.sbin.dnsmasq</i>
-Setting /etc/apparmor.d/usr.sbin.dnsmasq to enforce mode.
-</pre>
-</p>
-
-<p>
-Similarly, to deactive a profile, simply set it to complain mode.
-<pre caption="Manual profile deactivation">
-# <i>aa-complain usr.sbin.dnsmasq</i>
-Setting /etc/apparmor.d/usr.sbin.dnsmasq to complain mode.
-</pre>
-</p>
-
-<p>
-The current status of your profiles may be viewed using <c>aa-status</c>.
-<pre caption="Profile status listing">
-# <i>aa-status</i>
-apparmor module is loaded.
-6 profiles are loaded.
-5 profiles are in enforce mode.
-   /bin/ping
-   /sbin/klogd
-   /sbin/syslog-ng
-   /usr/sbin/dnsmasq
-   /usr/sbin/identd
-1 profiles are in complain mode.
-   /usr/sbin/lspci
-1 processes have profiles defined.
-1 processes are in enforce mode.
-   /usr/sbin/dnsmasq (12905)
-0 processes are in complain mode.
-0 processes are unconfined but have a profile defined.
-</pre>
-</p>
-
-</body>
-</section>
-
-<section>
-<title>Automatic control</title>
-<body>
-<p>
-The provided init script will automatically load all profiles located in your profile directory.
-Unless specifically specified otherwise, each profile will be loaded in enforce mode.
-</p>
-</body>
-</section>
-
-</chapter>
-
-</guide>
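Review bot: Before this text is dropped, check that the wiki copy does not carry over the sentence "Similarly, to deactive a profile, simply set it to complain mode." The aa-status listing in the same file counts the complain-mode profile among the "6 profiles are loaded", so complain mode stops enforcement but leaves the profile loaded. The wiki wording should say so, with "deactive" corrected to "deactivate". The same applies to "configuation" in the "Further configuration" section.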

