From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-commits+bounces-351588-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1QU278-0000Ju-Ho
	for garchives@archives.gentoo.org; Tue, 07 Jun 2011 19:38:58 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 0BF7C1C135;
	Tue,  7 Jun 2011 19:38:40 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id C0FFB1C135
	for <gentoo-commits@lists.gentoo.org>; Tue,  7 Jun 2011 19:38:40 +0000 (UTC)
Received: from pelican.gentoo.org (unknown [66.219.59.40])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 187322AC009
	for <gentoo-commits@lists.gentoo.org>; Tue,  7 Jun 2011 19:38:40 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by pelican.gentoo.org (Postfix) with ESMTP id 784298003C
	for <gentoo-commits@lists.gentoo.org>; Tue,  7 Jun 2011 19:38:39 +0000 (UTC)
From: "Sven Vermeulen" <sven.vermeulen@siphos.be>
To: gentoo-commits@lists.gentoo.org
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <sven.vermeulen@siphos.be>
Message-ID: <6427aa231d6f4b29d036c6c445dafd7ba93575ed.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/selinux/
X-VCS-Repository: proj/hardened-docs
X-VCS-Files: xml/selinux/hb-using-install.xml
X-VCS-Directories: xml/selinux/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: 6427aa231d6f4b29d036c6c445dafd7ba93575ed
Date: Tue,  7 Jun 2011 19:38:39 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 
X-Archives-Hash: 2dbdf22fba659b3b30c752d3e2f18bc3

commit:     6427aa231d6f4b29d036c6c445dafd7ba93575ed
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Tue Jun  7 19:37:40 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Tue Jun  7 19:37:40 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=3Dproj/hardened-docs=
.git;a=3Dcommit;h=3D6427aa23

Update on profiles

---
 xml/selinux/hb-using-install.xml |   39 ++++++++++++++++++++++----------=
-----
 1 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/xml/selinux/hb-using-install.xml b/xml/selinux/hb-using-inst=
all.xml
index b4fc8b0..05f3006 100644
--- a/xml/selinux/hb-using-install.xml
+++ b/xml/selinux/hb-using-install.xml
@@ -42,7 +42,8 @@ this chapter.
 <p>
 Install Gentoo Linux according to the <uri link=3D"/doc/en/handbook">Gen=
too
 Handbook</uri> installation instructions. We recommend the use of the ha=
rdened
-stage 3 tarballs instead of the standard ones. Perform a full installati=
on to
+stage 3 tarballs instead of the standard ones, but standard stage
+installations are also supported for SELinux. Perform a full installatio=
n to
 the point that you have booted your system into a (primitive) Gentoo bas=
e
 installation.
 </p>
@@ -156,7 +157,9 @@ the following settings to the right file (for instanc=
e
 <p>
 Now that you have a running Gentoo Linux installation, switch the Gentoo=
 profile
 to the right SELinux hardened profile (for instance,=20
-<path>selinux/v2refpolicy/amd64/hardened</path>).=20
+<path>hardened/linux/amd64/no-multilib/selinux</path>). Note that the ol=
der
+profiles (like <path>selinux/v2refpolicy/amd64/hardened</path>) are stil=
l
+supported though.
 </p>
=20
 <pre caption=3D"Switching the Gentoo profile">
@@ -168,18 +171,20 @@ Available profile symlink targets:
   [4]   default/linux/amd64/10.0/desktop/kde
   [5]   default/linux/amd64/10.0/developer
   [6]   default/linux/amd64/10.0/no-multilib
-  [7]   default/linux/amd64/10.0/server *
+  [7]   default/linux/amd64/10.0/server
   [8]   hardened/linux/amd64
-  [9]   hardened/linux/amd64/no-multilib
-  [10]  selinux/2007.0/amd64
-  [11]  selinux/2007.0/amd64/hardened
-  [12]  selinux/v2refpolicy/amd64
-  [13]  selinux/v2refpolicy/amd64/desktop
-  [14]  selinux/v2refpolicy/amd64/developer
-  [15]  selinux/v2refpolicy/amd64/hardened
-  [16]  selinux/v2refpolicy/amd64/server
-
-~# <i>eselect profile set 15</i>
+  [9]   hardened/linux/amd64/selinux
+  [10]  hardened/linux/amd64/no-multilib *
+  [11]  hardened/linux/amd64/no-multilib/selinux
+  [12]  selinux/2007.0/amd64
+  [13]  selinux/2007.0/amd64/hardened
+  [14]  selinux/v2refpolicy/amd64
+  [15]  selinux/v2refpolicy/amd64/desktop
+  [16]  selinux/v2refpolicy/amd64/developer
+  [17]  selinux/v2refpolicy/amd64/hardened
+  [18]  selinux/v2refpolicy/amd64/server
+
+~# <i>eselect profile set 11</i>
 </pre>
=20
 <note>
@@ -202,9 +207,11 @@ particular order which Portage isn't aware of in the=
 next couple of sections.
 <body>
=20
 <p>
-Edit your <path>/etc/make.conf</path> file and set
-<c>FEATURES=3D"-loadpolicy"</c>. The current SELinux profile enables the
-loadpolicy feature, but this isn't supported anymore so can be safely ig=
nored.
+Edit your <path>/etc/make.conf</path> file. If you ues the older SELinux
+profiles (like <path>selinux/v2refpolicy/amd64/hardened</path>), set
+<c>FEATURES=3D"-loadpolicy"</c>. These SELinux profiles enable the
+loadpolicy feature, but this isn't supported anymore so can be safely ig=
nored.=20
+More recent profiles do not set this anymore.
 </p>
=20
 <p>