From: "Sven Vermeulen"
To: gentoo-commits@lists.gentoo.org
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen"
Message-ID:
Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/selinux/
X-VCS-Repository: proj/hardened-docs
X-VCS-Files: xml/selinux/hb-using-install.xml
X-VCS-Directories: xml/selinux/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: b5a820ed211f8fb84d84c6889f9b0bb9204544e4
Date: Sat, 10 Dec 2011 14:00:09 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 9004390b-f2e3-42d6-9ef5-1adc7c1fd4ab
X-Archives-Hash: b96d69fab79f5e898c45fd34cf903ccf

commit: b5a820ed211f8fb84d84c6889f9b0bb9204544e4
Author: Sven Vermeulen siphos be>
AuthorDate: Sat Dec 10 13:59:02 2011 +0000
Commit: Sven Vermeulen siphos be>
CommitDate: Sat Dec 10 13:59:02 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=b5a820ed

Update documents to reflect supporting vanilla SELinux support

--- xml/selinux/hb-using-install.xml | 54 +++++++++++++++++---------------= ------ 1 files changed, 24 insertions(+), 30 deletions(-) diff --git a/xml/selinux/hb-using-install.xml b/xml/selinux/hb-using-inst= all.xml index 4d9c1eb..85341cc 100644 --- a/xml/selinux/hb-using-install.xml +++ b/xml/selinux/hb-using-install.xml @@ -7,17 +7,17 @@ =20 -14 -2011-10-18 +15 +2011-12-10 =20
-Installing Gentoo Hardened +Installing Gentoo (Hardened) Introduction =20

-Getting a Gentoo Hardened SELinux installation doesn't require weird act= ions. +Getting a SELinux-powered Gentoo installation doesn't require weird acti= ons. What you need to do is install Gentoo Linux with the correct profile, co= rrect kernel configuration and some file system relabelling. We seriously reco= mmend to use SELinux together with other hardening improvements (such as PaX / @@ -25,10 +25,10 @@ grSecurity).

=20

-This chapter will describe the steps to install Gentoo Hardened with SEL= inux. We +This chapter will describe the steps to install Gentoo with SELinux. We assume that you have an existing Gentoo Linux system which you want to c= onvert -to Gentoo Hardened with SELinux. If this is not the case, you should sti= ll read -on: you can install Gentoo Hardened with SELinux immediately if you make= the +to Gentoo with SELinux. If this is not the case, you should still read +on: you can install Gentoo with SELinux immediately if you make the correct decisions during the installation process, based on the informat= ion in this chapter.
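Review bot: The new title "Installing Gentoo (Hardened)" in the first hunk is ambiguous and does not match the wording the rest of the introduction now uses ("install Gentoo with SELinux", "SELinux-powered Gentoo installation"); something like "Installing Gentoo with SELinux" would say what the chapter covers. In the same paragraph, "a SELinux-powered" should read "an SELinux-powered". The unchanged context still recommends combining SELinux with "other hardening improvements (such as PaX / grSecurity)", so now that "Hardened" is dropped from the surrounding sentences it would help to say in one sentence whether the steps that follow assume a hardened or a default profile.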

@@ -162,35 +162,29 @@ the following settings to the right file (for insta= nce =20

Now that you have a running Gentoo Linux installation, switch the Gentoo= profile -to the right SELinux hardened profile (for instance,=20 +to the right SELinux profile (for instance,=20 hardened/linux/amd64/no-multilib/selinux). Note that the ol= der -profiles (like selinux/v2refpolicy/amd64/hardened) are stil= l -supported though. +profiles (like selinux/v2refpolicy/amd64/hardened) are not=20 +supported anymore.

=20
 ~# eselect profile list
 Available profile symlink targets:
   [1]   default/linux/amd64/10.0
-  [2]   default/linux/amd64/10.0/desktop
-  [3]   default/linux/amd64/10.0/desktop/gnome
-  [4]   default/linux/amd64/10.0/desktop/kde
-  [5]   default/linux/amd64/10.0/developer
-  [6]   default/linux/amd64/10.0/no-multilib
-  [7]   default/linux/amd64/10.0/server
-  [8]   hardened/linux/amd64
-  [9]   hardened/linux/amd64/selinux
-  [10]  hardened/linux/amd64/no-multilib *
-  [11]  hardened/linux/amd64/no-multilib/selinux
-  [12]  selinux/2007.0/amd64
-  [13]  selinux/2007.0/amd64/hardened
-  [14]  selinux/v2refpolicy/amd64
-  [15]  selinux/v2refpolicy/amd64/desktop
-  [16]  selinux/v2refpolicy/amd64/developer
-  [17]  selinux/v2refpolicy/amd64/hardened
-  [18]  selinux/v2refpolicy/amd64/server
-
-~# eselect profile set 11
+  [2]   default/linux/amd64/10.0/selinux
+  [3]   default/linux/amd64/10.0/desktop
+  [4]   default/linux/amd64/10.0/desktop/gnome
+  [5]   default/linux/amd64/10.0/desktop/kde
+  [6]   default/linux/amd64/10.0/developer
+  [7]   default/linux/amd64/10.0/no-multilib
+  [8]   default/linux/amd64/10.0/server
+  [9]   hardened/linux/amd64
+  [10]  hardened/linux/amd64/selinux
+  [11]  hardened/linux/amd64/no-multilib *
+  [12]  hardened/linux/amd64/no-multilib/selinux
+
+~# eselect profile set 12
 
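Review bot: The example still selects the profile by index ("eselect profile set 12"), and this hunk shows why that is fragile: adding default/linux/amd64/10.0/selinux at [2] moved the target from 11 to 12, and a reader whose list differs will pick the wrong profile. Suggest setting it by name, "eselect profile set hardened/linux/amd64/no-multilib/selinux", which also matches the profile named in the paragraph above the listing. Two documentation gaps in the same hunk: the paragraph now states that the selinux/v2refpolicy profiles "are not supported anymore" but gives a reader who is currently on one no pointer to the profile to move to, and the "for instance" still names only a hardened profile even though the listing now offers default/linux/amd64/10.0/selinux, which is the case this commit is meant to document.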
=20 @@ -595,7 +589,7 @@ running, most of them in the same security domain, bu= t in different categories.

Finally, you can also select mls to differentiate security domain= s on a sensitivity level. However, MLS is currently still considered experime= ntal -in Gentoo Hardened and as such not recommended. +in Gentoo and as such not recommended.

=20