From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-commits+bounces-361446-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1Qfb1v-0001ff-QO
	for garchives@archives.gentoo.org; Sat, 09 Jul 2011 17:09:24 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 94F1821C200;
	Sat,  9 Jul 2011 17:09:06 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id 559A221C1EF
	for <gentoo-commits@lists.gentoo.org>; Sat,  9 Jul 2011 17:09:06 +0000 (UTC)
Received: from pelican.gentoo.org (unknown [66.219.59.40])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 8179E2AC120
	for <gentoo-commits@lists.gentoo.org>; Sat,  9 Jul 2011 17:09:05 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by pelican.gentoo.org (Postfix) with ESMTP id 9F2268003D
	for <gentoo-commits@lists.gentoo.org>; Sat,  9 Jul 2011 17:09:04 +0000 (UTC)
From: "Sven Vermeulen" <sven.vermeulen@siphos.be>
To: gentoo-commits@lists.gentoo.org
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <sven.vermeulen@siphos.be>
Message-ID: <bf0f25aee5101e5b5b58ec37caf90f180fe5319b.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/selinux/modules/
X-VCS-Repository: proj/hardened-docs
X-VCS-Files: xml/selinux/modules/portage.xml
X-VCS-Directories: xml/selinux/modules/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: bf0f25aee5101e5b5b58ec37caf90f180fe5319b
Date: Sat,  9 Jul 2011 17:09:04 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 
X-Archives-Hash: 9b9faec8fe07683eaf1d6bb491c56ce6

commit:     bf0f25aee5101e5b5b58ec37caf90f180fe5319b
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Thu Jul  7 19:04:23 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Thu Jul  7 19:04:23 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=3Dproj/hardened-docs=
.git;a=3Dcommit;h=3Dbf0f25ae

Update portage module information with latest commit

---
 xml/selinux/modules/portage.xml |   38 ++++++++++++++++++++++++++++++---=
-----
 1 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/xml/selinux/modules/portage.xml b/xml/selinux/modules/portag=
e.xml
index e9dc226..6353a60 100644
--- a/xml/selinux/modules/portage.xml
+++ b/xml/selinux/modules/portage.xml
@@ -18,8 +18,8 @@ manager, Gentoo-specific file system locations and the =
command-line wrappers.
 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
 <license/>
=20
-<version>1</version>
-<date>2011-06-02</date>
+<version>2</version>
+<date>2011-07-07</date>
=20
 <chapter>
 <title>Structure</title>
@@ -268,6 +268,13 @@ distfiles or the repositories for the live ebuilds) =
so take care when
 relabelling locations!
 </p>
=20
+<p>
+If you are using different mounts, you might need to use the=20
+<c>rootcontext=3D</c> mount option to set the initial context. If the fi=
le system
+does not suppor SELinux contexts (like NFS), you can use the <c>context=3D=
</c>
+mount option to force the context of all files on the mounted location.
+</p>
+
 </body>
 </section>
 <section>
@@ -275,12 +282,27 @@ relabelling locations!
 <body>
=20
 <p>
-The Portage module within Gentoo defines one boolean, called
-<c>gentoo_try_dontaudit</c>. When enabled, the policy will hide the AVC =
denials
-of which the Gentoo developers believe they are harmless (cosmetic). If =
this
-boolean is enabled and you are experiencing permission problems, it is w=
ise to
-first disable the boolean and see if you now get any denials that could =
explain
-the problem.
+The Portage module within Gentoo defines two booleans, called
+<c>gentoo_try_dontaudit</c> and <c>gentoo_portage_allow_nfs</c>.=20
+</p>
+
+<p>
+When <c>gentoo_try_dontaudit</c> is enabled, the policy will hide the AV=
C
+denials of which the Gentoo developers believe they are harmless (cosmet=
ic).
+If this boolean is enabled and you are experiencing permission problems,=
 it
+is wise to first disable the boolean and see if you now get any denials =
that
+could explain the problem.
+</p>
+
+<p>
+When <c>gentoo_portage_allow_nfs</c> is enabled, then the Portage-relate=
d
+domains will be able to manage the <c>nfs_t</c> and as such, allow for t=
he=20
+Portage tree and other locations to be NFS-mounted without correcting th=
eir
+label (which is still supported when using the <c>context=3D</c> mount o=
ption).
+</p>
+
+<p>
+To switch booleans, use <c>setsebool</c> or <c>togglesebool</c>.
 </p>
=20
 <pre caption=3D"Enabling the gentoo_try_dontaudit boolean">