* [gentoo-commits] proj/hardened-docs:master commit in: html/selinux/
@ 2011-02-19 3:12 Francisco Blas Izquierdo Riera
From: Francisco Blas Izquierdo Riera @ 2011-02-19 3:12 UTC
To: gentoo-commits
commit: a6bdccfbce328ffbd9a18b3966f1cdc98edc2839
Author: klondike <klondike <AT> xiscosoft <DOT> es>
AuthorDate: Sat Feb 19 03:12:30 2011 +0000
Commit: Francisco Blas Izquierdo Riera <klondike <AT> xiscosoft <DOT> es>
CommitDate: Sat Feb 19 03:12:30 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=a6bdccfb
Updating previews
---
html/selinux/index.html | 49 +++++++++++++++++++++++++++++++++++++---------
1 files changed, 39 insertions(+), 10 deletions(-)
diff --git a/html/selinux/index.html b/html/selinux/index.html
index 1f3b937..274938a 100644
--- a/html/selinux/index.html
+++ b/html/selinux/index.html
@@ -24,11 +24,12 @@
<option value="#doc_chap2">2. Project Goals</option>
<option value="#doc_chap3">3. What is SELinux?</option>
<option value="#doc_chap4">4. Developers</option>
-<option value="#doc_chap5">5. Subprojects</option>
-<option value="#doc_chap6">6. Planned subprojects</option>
-<option value="#doc_chap7">7. Resources</option>
-<option value="#doc_chap8">8. How Do I Use This?</option>
-<option value="#doc_chap9">9. I Want to Participate</option></select>
+<option value="#doc_chap5">5. Contributors</option>
+<option value="#doc_chap6">6. Subprojects</option>
+<option value="#doc_chap7">7. Planned subprojects</option>
+<option value="#doc_chap8">8. Resources</option>
+<option value="#doc_chap9">9. How Do I Use This?</option>
+<option value="#doc_chap10">10. I Want to Participate</option></select>
</form>
<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
</span>Project Description</p>
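Review bot: the `doc_chapN` anchors in this selector are positional, so inserting "Contributors" as chapter 5 makes every existing link to `#doc_chap5` through `#doc_chap9` land on a different chapter than before. If stable deep links matter, the fix belongs in the generator (name-based anchors) rather than in this preview; otherwise mention the renumbering in the commit message, which currently says only "Updating previews".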
@@ -76,11 +77,39 @@
<td class="tableinfo">pebenito</td>
<td class="tableinfo">Lead ( Policy, x86, AMD64 )</td>
</tr>
+ <tr>
+ <td class="tableinfo"></td>
+ <td class="tableinfo">blueness</td>
+ <td class="tableinfo">Proxy ( non developer contributors )</td>
+ </tr>
</table>
<p>
All developers can be reached by e-mail using <span class="code" dir="ltr">nickname@gentoo.org</span>.
</p>
<p class="chaphead"><a name="doc_chap5"></a><span class="chapnum">5.
+ </span>Contributors</p>
+<p>
+The following people although not developer is actively contributing with the
+project:
+</p>
+<table class="ntable">
+<tr>
+<td class="infohead"><b>Contributor</b></td>
+<td class="infohead"><b>Nickname</b></td>
+<td class="infohead"><b>Role</b></td>
+</tr>
+<tr>
+<td class="tableinfo">Chris Richards</td>
+<td class="tableinfo">gizmo</td>
+<td class="tableinfo">Policy development, support</td>
+</tr>
+<tr>
+<td class="tableinfo">Sven Vermeulen</td>
+<td class="tableinfo">SwifT</td>
+<td class="tableinfo">Documentation writting, support</td>
+</tr>
+</table>
+<p class="chaphead"><a name="doc_chap6"></a><span class="chapnum">6.
</span>Subprojects</p>
<p>The SELinux
project has the following subprojects:
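Review bot: the new developer row for blueness leaves the first cell empty (`<td class="tableinfo"></td>`), so the table shows a nickname with no name; fill it in or hold the row back until the name is known. In the new Contributors chapter, "The following people although not developer is actively contributing with the project" needs subject-verb agreement (for example "The following people, although not developers, are actively contributing to the project"), and "Documentation writting" should be "Documentation writing".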
@@ -121,7 +150,7 @@
</td>
</tr>
</table>
-<p class="chaphead"><a name="doc_chap6"></a><span class="chapnum">6.
+<p class="chaphead"><a name="doc_chap7"></a><span class="chapnum">7.
</span>Planned subprojects</p>
<p>The SELinux
project has the following subprojects planned:
@@ -145,7 +174,7 @@
</td>
</tr>
</table>
-<p class="chaphead"><a name="doc_chap7"></a><span class="chapnum">7.
+<p class="chaphead"><a name="doc_chap8"></a><span class="chapnum">8.
</span>Resources</p>
<p>Resources offered by the
SELinux
@@ -155,12 +184,12 @@
<a href="selinux/selinux-handbook.html">Gentoo SELinux Handbook</a>
</li>
</ul>
-<p class="chaphead"><a name="doc_chap8"></a><span class="chapnum">8.
+<p class="chaphead"><a name="doc_chap9"></a><span class="chapnum">9.
</span>How Do I Use This?</p>
<p>
SELinux can be installed on a new system by following the above install guide.
</p>
-<p class="chaphead"><a name="doc_chap9"></a><span class="chapnum">9.
+<p class="chaphead"><a name="doc_chap10"></a><span class="chapnum">10.
</span>I Want to Participate</p>
<p>
To participate in the SELinux project first join the mailing list at
@@ -174,7 +203,7 @@
policies. All development, testing, feedback, and productive comments will
be greatly appreciated.
</p>
-<p class="secthead"><a name="doc_chap9_sect2">Policy Submissions</a></p>
+<p class="secthead"><a name="doc_chap10_sect2">Policy Submissions</a></p>
<p>
The critical component of a SELinux system is having a strong policy. The
team does its best to support as many daemons as possible. However, we cannot
* [gentoo-commits] proj/hardened-docs:master commit in: html/selinux/
@ 2011-02-19 3:21 Francisco Blas Izquierdo Riera
From: Francisco Blas Izquierdo Riera @ 2011-02-19 3:21 UTC
To: gentoo-commits
commit: f21960d8dac6ea02e66db638aa647dd7cec18f4e
Author: klondike <klondike <AT> xiscosoft <DOT> es>
AuthorDate: Sat Feb 19 03:22:00 2011 +0000
Commit: Francisco Blas Izquierdo Riera <klondike <AT> xiscosoft <DOT> es>
CommitDate: Sat Feb 19 03:22:00 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=f21960d8
Updating previews
---
html/selinux/index.html | 9 +++++----
1 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/html/selinux/index.html b/html/selinux/index.html
index 274938a..87691d0 100644
--- a/html/selinux/index.html
+++ b/html/selinux/index.html
@@ -79,8 +79,9 @@
</tr>
<tr>
<td class="tableinfo"></td>
- <td class="tableinfo">blueness</td>
- <td class="tableinfo">Proxy ( non developer contributors )</td>
+ <td class="tableinfo">blueness
+</td>
+ <td class="tableinfo">Policy development, Proxy (non developer contributors)</td>
</tr>
</table>
<p>
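Review bot: the nickname cell now closes on its own line (`blueness` followed by a bare `</td>`), which puts a stray newline inside the cell and breaks the indentation used by the neighbouring rows; keep it on one line. The name cell above it is still empty.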
@@ -89,7 +90,7 @@
<p class="chaphead"><a name="doc_chap5"></a><span class="chapnum">5.
</span>Contributors</p>
<p>
-The following people although not developer is actively contributing with the
+The following people although non-developer is actively contributing with the
project:
</p>
<table class="ntable">
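Review bot: the reworded sentence still does not agree in number: "The following people although non-developer is actively contributing with the project". Suggest "The following people, although not developers, are actively contributing to the project:".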
@@ -106,7 +107,7 @@ project:
<tr>
<td class="tableinfo">Sven Vermeulen</td>
<td class="tableinfo">SwifT</td>
-<td class="tableinfo">Documentation writting, support</td>
+<td class="tableinfo">Documentation writing, support</td>
</tr>
</table>
<p class="chaphead"><a name="doc_chap6"></a><span class="chapnum">6.
* [gentoo-commits] proj/hardened-docs:master commit in: html/selinux/
@ 2011-02-19 17:01 Francisco Blas Izquierdo Riera
From: Francisco Blas Izquierdo Riera @ 2011-02-19 17:01 UTC
To: gentoo-commits
commit: 2885048d5d96bf419bf389a2a71e2d34e3219141
Author: klondike <klondike <AT> xiscosoft <DOT> es>
AuthorDate: Sat Feb 19 17:00:40 2011 +0000
Commit: Francisco Blas Izquierdo Riera <klondike <AT> xiscosoft <DOT> es>
CommitDate: Sat Feb 19 17:00:40 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=2885048d
Updating previews (and pushing dates and versions)
---
html/selinux/index.html | 11 +++++------
1 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/html/selinux/index.html b/html/selinux/index.html
index 2ee0997..4798084 100644
--- a/html/selinux/index.html
+++ b/html/selinux/index.html
@@ -50,12 +50,11 @@
<p class="chaphead"><a name="doc_chap3"></a><span class="chapnum">3.
</span>What is SELinux?</p>
<p>
- <a href="http://www.nsa.gov/selinux">Security-Enhanced Linux</a> (SELinux)
- is a system of mandatory access control using type enforcement and role-based
- access control. It is implemented as a
- <a href="http://lsm.immunix.org/">Linux Security Module</a> (LSM).
- In addition to the kernel portion, SELinux consists of a library (libselinux)
- and userland utilities for compiling policy (checkpolicy), and loading policy
+ <a href="http://www.nsa.gov/research/selinux/index.shtml">Security-Enhanced
+ Linux</a> (SELinux) is a system of mandatory access control using type
+ enforcement and role-based access control. It is implemented as a <a href="http://lsm.immunix.org/">Linux Security Module</a> (LSM). In addition
+ to the kernel portion, SELinux consists of a library (libselinux) and userland
+ utilities for compiling policy (checkpolicy), and loading policy
(policycoreutils), in addition to other user programs.
</p>
<p>
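Review bot: the only functional change in this hunk is the NSA link target (`http://www.nsa.gov/selinux` to `http://www.nsa.gov/research/selinux/index.shtml`), but it is buried in a reflow of the whole paragraph, and the subject line mentions dates and versions that this diff (5 insertions, 6 deletions, all here) does not touch. Keep the original line breaks so the URL change shows up as a one-line diff; the reflow also pushes the `lsm.immunix.org` anchor into the middle of a long line.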
* [gentoo-commits] proj/hardened-docs:master commit in: html/selinux/
@ 2011-04-10 7:49 Sven Vermeulen
From: Sven Vermeulen @ 2011-04-10 7:49 UTC
To: gentoo-commits
commit: 02d07bbfde01f5f222202bcd73fc208b66a74ded
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Apr 10 07:48:50 2011 +0000
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sun Apr 10 07:48:50 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=02d07bbf
Update previews
---
html/selinux/hb-using-install.html | 19 ++++++++++++++++++-
1 files changed, 18 insertions(+), 1 deletions(-)
diff --git a/html/selinux/hb-using-install.html b/html/selinux/hb-using-install.html
index 416b00b..1e12fc6 100644
--- a/html/selinux/hb-using-install.html
+++ b/html/selinux/hb-using-install.html
@@ -76,6 +76,23 @@ Make sure to include layman's <span class="path" dir="ltr">make.conf</span> in y
<span class="code-input">source /var/lib/layman/make.conf</span>
</pre></td></tr>
</table>
+<p class="secthead"><a name="doc_chap1_sect1">Switching to Python 2</a></p>
+<p>
+For now, the SELinux management utilities are not compatible with Python 3 so
+we recommend to switch to Python 2 until the packages are updated and fixed.
+</p>
+<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
+<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Switching to python 2</p></td></tr>
+<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
+~# <span class="code-input">eselect python list</span>
+Available Python interpreters:
+ [1] python2.7
+ [2] python3.1 *
+
+~# <span class="code-input">eselect python set 1</span>
+~# <span class="code-input">source /etc/profile</span>
+</pre></td></tr>
+</table>
<p class="secthead"><a name="doc_chap1_sect1">Optional: Setting the /tmp context</a></p>
<p>
If your <span class="path" dir="ltr">/tmp</span> location is a tmpfs-mounted file system, then you need
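Review bot: `eselect python set 1` in the new listing only selects Python 2 when python2.7 happens to be entry [1], as in the sample output; tell the reader to use the number shown for the Python 2 interpreter on their own system. The new heading also reuses `name="doc_chap1_sect1"`, the same anchor as the "Optional: Setting the /tmp context" heading directly below it, so a link to `#doc_chap1_sect1` is ambiguous. "we recommend to switch" reads better as "we recommend switching".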
@@ -515,7 +532,7 @@ made.
</p>
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="alttext">Updated March 9, 2011</p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Updated April 10, 2011</p></td></tr>
<tr lang="en"><td align="center" class="topsep">
<p class="alttext"><b>Donate</b> to support our development efforts.
</p>
* [gentoo-commits] proj/hardened-docs:master commit in: html/selinux/
@ 2011-05-24 20:42 Sven Vermeulen
From: Sven Vermeulen @ 2011-05-24 20:42 UTC
To: gentoo-commits
commit: 6e189ac24974b13132afa3cf89a6226b5d0028bd
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Tue May 24 20:38:20 2011 +0000
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Tue May 24 20:38:20 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=6e189ac2
Update previews
---
html/selinux/index.html | 62 ++++++----------------------------------------
1 files changed, 8 insertions(+), 54 deletions(-)
diff --git a/html/selinux/index.html b/html/selinux/index.html
index 1cd3b3f..ed9d56a 100644
--- a/html/selinux/index.html
+++ b/html/selinux/index.html
@@ -26,8 +26,7 @@
<option value="#doc_chap4">4. Contributors</option>
<option value="#doc_chap5">5. Subprojects</option>
<option value="#doc_chap6">6. Resources</option>
-<option value="#doc_chap7">7. Roadmap</option>
-<option value="#doc_chap8">8. I Want to Participate</option></select>
+<option value="#doc_chap7">7. I Want to Participate</option></select>
</form>
<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
</span>Project Description</p>
@@ -182,59 +181,14 @@ Develop and maintain SELinux documentation specific to the Gentoo distribution
<li>
<a href="selinux-policy.html">Gentoo Hardened SELinux Development Policy</a>
</li>
+ <li>
+ <a href="roadmap.html">Gentoo Hardened Roadmap (incl. SELinux development)</a>
+ </li>
+ <li>
+ <a href="support-state.html">Gentoo Hardened Support Matrices (incl. SELinux)</a>
+ </li>
</ul>
<p class="chaphead"><a name="doc_chap7"></a><span class="chapnum">7.
- </span>Roadmap</p>
-<p>
-The following table depics the roadmap we have in mind for the Gentoo Hardened
-SELinux project:
-</p>
-<table class="ntable">
-<tr>
- <td class="infohead"><b>Milestone</b></td>
- <td class="infohead"><b>Progress</b></td>
-
- <td class="infohead"><b>Description</b></td>
- <td class="infohead"><b>ETA</b></td>
-</tr>
-<tr>
- <td class="tableinfo">Userland stabilization</td>
- <td class="tableinfo"><span class="code-keyword">on track</span></td>
- <td class="tableinfo">
- Stabilize the SELinux userland utilities currently available in ~arch.
- These utilities (and libraries) are needed to cover recent SELinux policies
- and improve user experience within Gentoo Hardened SELinux
- </td>
- <td class="tableinfo">
- 2011-05-24
- </td>
-</tr>
-<tr>
- <td class="tableinfo">Policy stabilization</td>
- <td class="tableinfo"><span class="code-keyword">on track</span></td>
- <td class="tableinfo">
- Stabilize the SELinux policies based on upstream 2.20101213. The current
- stable policies are not compatible with the current Gentoo stable state
- (such as openrc support, networking/wireless and more.)
- </td>
- <td class="tableinfo">
- 2011-06-07
- </td>
-</tr>
-<tr>
- <td class="tableinfo">Profile stabilization</td>
- <td class="tableinfo"><span class="code-keyword">on track</span></td>
- <td class="tableinfo">
- Stabilize the restructured Gentoo SELinux profiles. The existing profiles
- have proved to be a bit more daunting to manage whereas the new profiles are
- made to be flexible yet simple to maintain.
- </td>
- <td class="tableinfo">
- 2011-06-28
- </td>
-</tr>
-</table>
-<p class="chaphead"><a name="doc_chap8"></a><span class="chapnum">8.
</span>I Want to Participate</p>
<p>
To participate in the SELinux project first join the mailing list at
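Review bot: the two new links, `roadmap.html` and `support-state.html`, are relative to `html/selinux/`, but this commit changes only `index.html` and both titles describe Gentoo Hardened-wide documents; confirm the targets resolve from this directory before dropping the inline roadmap table. Removing chapter 7 also moves "I Want to Participate" from `#doc_chap8` to `#doc_chap7`, so existing links to the old anchor stop resolving.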
@@ -248,7 +202,7 @@ contributing work we will always need testers to use and audit the SELinux
policies. All development, testing, feedback, and productive comments will
be greatly appreciated.
</p>
-<p class="secthead"><a name="doc_chap8_sect2">Policy Submissions</a></p>
+<p class="secthead"><a name="doc_chap7_sect2">Policy Submissions</a></p>
<p>
The critical component of a SELinux system is having a strong policy. The
team does its best to support as many daemons as possible. However, we cannot
* [gentoo-commits] proj/hardened-docs:master commit in: html/selinux/
@ 2011-05-31 20:28 Sven Vermeulen
From: Sven Vermeulen @ 2011-05-31 20:28 UTC
To: gentoo-commits
commit: b53fa7fbcbed84ecd3eacba62a2b009f5fda7216
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Tue May 31 20:26:03 2011 +0000
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Tue May 31 20:26:03 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=b53fa7fb
Updating previews
---
html/selinux/hb-appendix-reference.html | 22 +++++++++++++++++++++-
html/selinux/hb-using-commands.html | 20 ++++++++++++++++----
html/selinux/hb-using-install.html | 9 +--------
3 files changed, 38 insertions(+), 13 deletions(-)
diff --git a/html/selinux/hb-appendix-reference.html b/html/selinux/hb-appendix-reference.html
index 9743573..986c98f 100644
--- a/html/selinux/hb-appendix-reference.html
+++ b/html/selinux/hb-appendix-reference.html
@@ -63,9 +63,29 @@
O'Reilly Media, 2004; ISBN 0596007167
</li>
</ul>
+<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
+ </span>Gentoo Specific Resources</p>
+<p class="secthead"><a name="doc_chap1_sect1">Gentoo Hardened</a></p>
+<p>
+The following resources are specific towards Gentoo Hardened's SELinux
+implementation.
+</p>
+<ul>
+ <li>
+ <a href="selinux-faq.html">SELinux Frequently Asked
+ Questions</a>
+ </li>
+ <li>
+ <a href="selinux-development.html">SELinux Development
+ Guidelines</a>
+ </li>
+ <li>
+ <a href="selinux-policy.html">SELinux Policy</a>
+ </li>
+</ul>
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="alttext">Updated January 7, 2011</p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Updated May 31, 2011</p></td></tr>
<tr lang="en"><td align="center" class="topsep">
<p class="alttext"><b>Donate</b> to support our development efforts.
</p>
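Review bot: the chapter appended here is numbered "1." with `name="doc_chap1"` and `doc_chap1_sect1` even though the hunk starts at line 63 of the page, after an existing reference list; check that it does not duplicate the number and anchor of the chapter above it. Wording: "specific towards Gentoo Hardened's SELinux implementation" should be "specific to".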
diff --git a/html/selinux/hb-using-commands.html b/html/selinux/hb-using-commands.html
index 50642a5..d9b6904 100644
--- a/html/selinux/hb-using-commands.html
+++ b/html/selinux/hb-using-commands.html
@@ -262,8 +262,14 @@ system_u system_u
</table>
<p>
The default behavior is that users are logged on as the <span class="emphasis">user_u</span> SELinux
-user. If you want to allow another user (say <span class="code" dir="ltr">anna</span>) to log on as
-<span class="code" dir="ltr">staff_u</span>:
+user. This SELinux user is a non-administrator user: it has no specific
+privileges and should be used for every account that never requires elevated
+privileges (so no <span class="code" dir="ltr">su</span> or <span class="code" dir="ltr">sudo</span> rights for anything).
+</p>
+<p>
+The account you use to administer your system should be mapped to the
+<span class="code" dir="ltr">staff_u</span> SELinux user (or its own user with the appropriate roles). This
+can be accomplished as follows (example with the Unix account <span class="emphasis">anna</span>):
</p>
<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Letting 'anna' log on as 'staff_u'</p></td></tr>
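Review bot: "should be used for every account that never requires elevated privileges (so no su or sudo rights for anything)" can be read either as a property of `user_u` or as an instruction to the administrator; state which one is meant, since the reader needs to know whether the restriction is enforced or merely advised. The alternative "(or its own user with the appropriate roles)" is also too terse to act on without naming the roles, which the Important note in the next hunk does (`sysadm_r`).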
@@ -271,8 +277,14 @@ user. If you want to allow another user (say <span class="code" dir="ltr">anna</
~# <span class="code-input">semanage login -a -s staff_u anna</span>
</pre></td></tr>
</table>
+<table class="ncontent" width="100%" border="0" cellspacing="0" cellpadding="0"><tr><td bgcolor="#ffffbb"><p class="note"><b>Important: </b>
+Make sure that whatever account you use to administer your system is mapped to
+the <span class="code" dir="ltr">staff_u</span> user, or has the ability to switch to the <span class="code" dir="ltr">sysadm_r</span>
+role. Portage only works from within the <span class="code" dir="ltr">sysadm_r</span> role.
+</p></td></tr></table>
<p>
-SELinux users then can be configured to belong to one or more roles.
+As mentioned, SELinux users are configured to be able to join in on one or more
+roles. To list the available roles, you can use <span class="code" dir="ltr">semanage user -l</span>:
</p>
<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Listing login / role mappings</p></td></tr>
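Review bot: the rewritten lead-in says `semanage user -l` lists the available roles, but the listing caption under it still reads "Listing login / role mappings"; align the caption with the text. The Important note tells the reader that Portage only works from `sysadm_r` without saying how to get there; a pointer to `newrole -r sysadm_r` would close the gap, and the `semanage login -a -s staff_u anna` step could mention the `restorecon -R -F` on the home directory that the install guide uses for the same mapping. "to be able to join in on one or more roles" is clearer as "to be allowed one or more roles".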
@@ -340,7 +352,7 @@ require you to enter the regular users' password.
</p>
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="alttext">Updated April 22, 2011</p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Updated May 31, 2011</p></td></tr>
<tr lang="en"><td align="center" class="topsep">
<p class="alttext"><b>Donate</b> to support our development efforts.
</p>
diff --git a/html/selinux/hb-using-install.html b/html/selinux/hb-using-install.html
index 6b41e61..2ce4dfe 100644
--- a/html/selinux/hb-using-install.html
+++ b/html/selinux/hb-using-install.html
@@ -119,13 +119,6 @@ the following settings to the right file (for instance
<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: SELinux ~arch packages</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
-sys-libs/libselinux
-sys-apps/policycoreutils
-sys-libs/libsemanage
-sys-libs/libsepol
-app-admin/setools
-dev-python/sepolgen
-sys-apps/checkpolicy
sec-policy/*
=sys-process/vixie-cron-4.1-r11
</pre></td></tr>
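Review bot: seven userland packages are dropped from the ~arch keyword list with no explanation beyond "Updating previews". If this is because they have been stabilized (the roadmap table removed a week earlier listed userland stabilization for 2011-05-24), say so in the commit message, so readers on a stable system know the versions they get are the intended ones.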
@@ -586,7 +579,7 @@ made.
</p>
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="alttext">Updated May 14, 2011</p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Updated May 31, 2011</p></td></tr>
<tr lang="en"><td align="center" class="topsep">
<p class="alttext"><b>Donate</b> to support our development efforts.
</p>
* [gentoo-commits] proj/hardened-docs:master commit in: html/selinux/
@ 2011-06-02 12:02 Sven Vermeulen
From: Sven Vermeulen @ 2011-06-02 12:02 UTC
To: gentoo-commits
commit: 9ac37024484b464088dd7ad2dd29c66442f10a09
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Thu Jun 2 11:58:39 2011 +0000
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Thu Jun 2 11:58:39 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=9ac37024
Updating previews
---
html/selinux/hb-intro-referencepolicy.html | 8 ++++-
html/selinux/hb-using-install.html | 42 +++++++++++++++++++++++++--
html/selinux/hb-using-permissive.html | 5 ++-
3 files changed, 47 insertions(+), 8 deletions(-)
diff --git a/html/selinux/hb-intro-referencepolicy.html b/html/selinux/hb-intro-referencepolicy.html
index 5ff648b..3adc3f9 100644
--- a/html/selinux/hb-intro-referencepolicy.html
+++ b/html/selinux/hb-intro-referencepolicy.html
@@ -216,11 +216,15 @@ following is an overview of the policy versions' history.
<dt>Version 23</dt>
<dd>Per-domain permissive mode (2.6.26 - 2.6.27)</dd>
<dt>Version 24</dt>
- <dd>Explicit hierarchy (type bounds) (2.6.28 - current)</dd>
+ <dd>Explicit hierarchy (type bounds) (2.6.28 - 2.6.38)</dd>
+ <dt>Version 25</dt>
+ <dd>Filename based transition support (2.6.39)</dd>
+ <dt>Version 26</dt>
+ <dd>Role transition support for non-process classes (3.0)</dd>
</dl>
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="alttext">Updated December 1, 2010</p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Updated June 2, 2011</p></td></tr>
<tr lang="en"><td align="center" class="topsep">
<p class="alttext"><b>Donate</b> to support our development efforts.
</p>
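Review bot: closing the Version 24 range at 2.6.38 is right now that 25 and 26 follow, but the two new entries give a single kernel version, "(2.6.39)" and "(3.0)", where the entries above give a range, and the list no longer marks which version is current. Use the same form throughout, for example "(3.0 - current)" for Version 26.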
diff --git a/html/selinux/hb-using-install.html b/html/selinux/hb-using-install.html
index 2ce4dfe..dadbab8 100644
--- a/html/selinux/hb-using-install.html
+++ b/html/selinux/hb-using-install.html
@@ -562,7 +562,7 @@ correctly. For instance, if you have installed
~# <span class="code-input">rlpkg -t screen</span>
</pre></td></tr>
</table>
-<p class="secthead"><a name="doc_chap1_sect1">Reboot</a></p>
+<p class="secthead"><a name="doc_chap1_sect1">Reboot and Set SELinux Booleans</a></p>
<p>
Reboot your system. Log on and, if you have indeed installed Gentoo using the
hardened sources (as we recommended), enable the SSP SELinux boolean:
@@ -573,13 +573,47 @@ hardened sources (as we recommended), enable the SSP SELinux boolean:
~# <span class="code-input">setsebool -P global_ssp on</span>
</pre></td></tr>
</table>
+<p class="secthead"><a name="doc_chap1_sect1">Define the Administrator Accounts</a></p>
+<p>
+Finally, we need to map the account(s) you use to manage your system (those
+that need access to Portage) to the <span class="code" dir="ltr">staff_u</span> SELinux user. By default,
+users are mapped to the <span class="code" dir="ltr">user_u</span> SELinux user who doesn't have the
+appropriate rights (nor access to the appropriate roles) to manage a system.
+Accounts that are mapped to <span class="code" dir="ltr">staff_u</span> can, but might need to switch roles
+from <span class="code" dir="ltr">staff_r</span> to <span class="code" dir="ltr">sysadm_r</span> before they are granted the appropriate
+privileges.
+</p>
+<p>
+Assuming that your account name is <span class="emphasis">john</span>:
+</p>
+<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
+<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Mapping the Linux account john to the SELinux user staff_u</p></td></tr>
+<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
+~# <span class="code-input">semanage login -a -s staff_u john</span>
+~# <span class="code-input">restorecon -R -F /home/john</span>
+</pre></td></tr>
+</table>
+<p>
+If you later log on as <span class="emphasis">john</span> and want to manage your system, you will
+probably need to switch your role. You can use <span class="code" dir="ltr">newrole</span> for this:
+</p>
+<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
+<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Switching roles</p></td></tr>
+<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
+~$ <span class="code-input">id -Z</span>
+staff_u:staff_r:staff_t
+~$ <span class="code-input">newrole -r sysadm_r</span>
+Password: <span class="code-comment">(Enter your password)</span>
+~$ <span class="code-input">id -Z</span>
+staff_u:sysadm_r:sysadm_t
+</pre></td></tr>
+</table>
<p>
-With that done, enjoy - your first steps into the SELinux world are now
-made.
+With that done, enjoy - your first steps into the SELinux world are now made.
</p>
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="alttext">Updated May 31, 2011</p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Updated June 2, 2011</p></td></tr>
<tr lang="en"><td align="center" class="topsep">
<p class="alttext"><b>Donate</b> to support our development efforts.
</p>
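Review bot: the new section maps the account and relabels `/home/john` but never has the reader confirm the mapping before relying on it; add a `semanage login -l` check after `semanage login -a -s staff_u john`, since the text itself says an account left on `user_u` cannot manage the system. "you will probably need to switch your role" should be definite, given that the `id -Z` output shown starts in `staff_r`. Both added listings carry `name="doc_chap1_pre1"` and the caption "Code Listing1.1", so they cannot be linked to individually.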
diff --git a/html/selinux/hb-using-permissive.html b/html/selinux/hb-using-permissive.html
index 0285dde..d5e77aa 100644
--- a/html/selinux/hb-using-permissive.html
+++ b/html/selinux/hb-using-permissive.html
@@ -292,7 +292,8 @@ accordingly. For instance, say you have your <span class="path" dir="ltr">lvm.co
<span class="path" dir="ltr">/etc</span> rather than <span class="path" dir="ltr">/etc/lvm</span> as the policy would expect,
then you can still label the file correctly using <span class="code" dir="ltr">semanage</span>. With
<span class="code" dir="ltr">semanage</span>, you assign a correct security context unrelated to any
-module. It is a local setting - but which is persistent across reboots.
+module. It is a local setting - but which is persistent across reboots and
+relabelling activities.
</p>
<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Setting a new file context using semanage</p></td></tr>
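Review bot: "It is a local setting - but which is persistent across reboots and relabelling activities" is ungrammatical; suggest "It is a local setting, but one that persists across reboots and relabelling." This is the point the reader needs to trust before using `semanage` for a file in a non-default location, so it is worth stating cleanly.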
@@ -583,7 +584,7 @@ The same tool can be used to relabel the entire system:
</table>
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="alttext">Updated April 22, 2011</p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Updated June 2, 2011</p></td></tr>
<tr lang="en"><td align="center" class="topsep">
<p class="alttext"><b>Donate</b> to support our development efforts.
</p>
* [gentoo-commits] proj/hardened-docs:master commit in: html/selinux/
@ 2011-06-07 19:26 Sven Vermeulen
From: Sven Vermeulen @ 2011-06-07 19:26 UTC
To: gentoo-commits
commit: a5e141d0987510faeb01fd07aa51e694caf6ea44
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Thu Jun 2 19:50:22 2011 +0000
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Thu Jun 2 19:50:22 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=a5e141d0
update previews
---
html/selinux/hb-using-install.html | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/html/selinux/hb-using-install.html b/html/selinux/hb-using-install.html
index dadbab8..e4129d4 100644
--- a/html/selinux/hb-using-install.html
+++ b/html/selinux/hb-using-install.html
@@ -119,7 +119,6 @@ the following settings to the right file (for instance
<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: SELinux ~arch packages</p></td></tr>
<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
-sec-policy/*
=sys-process/vixie-cron-4.1-r11
</pre></td></tr>
</table>
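Review bot: with `sec-policy/*` removed, the listing captioned "SELinux ~arch packages" contains only `=sys-process/vixie-cron-4.1-r11`, so the caption and the sentence introducing it ("the following settings to the right file") no longer describe what is shown. Reword them, and state in the commit message why the policy packages no longer need the entry; "update previews" gives a reader no way to tell whether the removal was intentional.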