From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/selinux/ X-VCS-Repository: proj/hardened-docs X-VCS-Files: xml/selinux/hb-using-install.xml X-VCS-Directories: xml/selinux/ X-VCS-Committer: SwifT X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: fce926f5c34fa890e16a1dec7f26ccd12ad50c51 Date: Sat, 14 May 2011 12:51:14 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: X-Archives-Hash: 8ba1638391744d4da461c66c7a7d6b91 commit: fce926f5c34fa890e16a1dec7f26ccd12ad50c51 Author: Sven Vermeulen siphos be> AuthorDate: Sat May 14 12:50:41 2011 +0000 Commit: Sven Vermeulen siphos be> CommitDate: Sat May 14 12:50:41 2011 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Dproj/hardened-docs= .git;a=3Dcommit;h=3Dfce926f5 Update on file context changes for openrc --- xml/selinux/hb-using-install.xml | 23 ++++++----------------- 1 files changed, 6 insertions(+), 17 deletions(-) diff --git a/xml/selinux/hb-using-install.xml b/xml/selinux/hb-using-inst= all.xml index f51a62d..5cf0b13 100644 --- a/xml/selinux/hb-using-install.xml +++ b/xml/selinux/hb-using-install.xml @@ -7,8 +7,8 @@ =20 -5 -2011-04-16 +6 +2011-05-14 =20
Installing Gentoo Hardened @@ -110,7 +110,7 @@ Available Python interpreters: -Setting the filesystem contexts +Optional: Setting the filesystem contexts =20

@@ -128,18 +128,6 @@ To configure the /tmp mount, edit your = /etc/fstab: tmpfs /tmp tmpfs defaults,noexec,nosuid,rootcontext=3Dsystem_u:obj= ect_r:tmp_t 0 0 =20 -

-Next to the /tmp location, you will need to explicitly defi= ne the -mount for rc-svcdir, used by sys-apps/openrc. If not, this = tmpfs -file system is mounted with the wrong security label which will result i= n boot -failures. -

- -
-# Change /lib64 with /lib for 32-bit systems / support
-rc-svcdir  /lib64/rc/init.d  tmpfs  rw,rootcontext=3Dsystem_u:object_r:i=
nitrc_state_t,seclabel,nosuid,nodev,noexec,relatime,size=3D1024k,mode=3D7=
55  0 0
-
-
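Review bot: The paragraph removed in this hunk warned that a wrongly labelled rc-svcdir tmpfs "will result in boot failures", and nothing replaces it to say why the explicit mount is no longer needed. Readers who added the rc-svcdir line to /etc/fstab while following revision 5 are also not told whether to remove it. Suggest a short note in its place stating that the entry is no longer required and what to do with an existing one; the commit message ("Update on file context changes for openrc") does not carry that information either.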
@@ -612,8 +600,8 @@ manipulate during your day-to-day activities on your = system. =20

-First relabel your devices. This will apply the correct security context= s -(labels) onto the device files. +First relabel your devices and openrc related files. This will apply the +correct security contexts (labels) onto the necessary files.

=20
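Review bot: In the added sentence, "openrc related files" should be hyphenated ("openrc-related files"), and "the necessary files" is vaguer than the "device files" wording it replaces. Suggest naming the two locations that get relabelled, so the sentence matches the setfiles commands that follow it.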
@@ -622,6 +610,7 @@ First relabel your devices. This will apply the corre=
ct security contexts
=20
 (Substitute the "strict" in the next command with "targeted" if=
 that is your SELINUXTYPE selection)
 ~# setfiles -r /mnt/gentoo /etc/selinux/strict/contexts/files/file_co=
ntexts /mnt/gentoo/dev
+~# setfiles -r /mnt/gentoo /etc/selinux/strict/contexts/files/file_co=
ntexts /mnt/gentoo/lib64
 ~# umount /mnt/gentoo
 
=20
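Review bot: The added setfiles line hardcodes /mnt/gentoo/lib64, but the parenthetical above it only covers the strict/targeted substitution. The fstab comment this commit removes ("Change /lib64 with /lib for 32-bit systems") has no counterpart here, so a 32-bit reader is no longer told to adjust the path. Suggest extending the parenthetical to say that /mnt/gentoo/lib64 becomes /mnt/gentoo/lib on 32-bit systems. Since the removed mount pointed at /lib64/rc/init.d, it is also worth stating whether relabelling the whole library directory is intended or whether the rc subdirectory alone would do.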