[gentoo-dev] heads up for selinux

[gentoo-dev] heads up for selinux

[Chris PeBenito]

[-- Attachment #1: Type: text/plain, Size: 1232 bytes --]

For those that don't know, SELinux was merged into 2.6.0-test3, which is
cool for SELinux users.  However, it has a new API (which is also
backported to 2.4).  Because of the new API, we will be changing a bunch
of the packages to use a new SELinux patch.  We probably won't be doing
this for another week or two, as we need to iron out the upgrade path,
and get a doc for the upgrade.  Let me know if you have any concerns.

Packages that will no longer have a SELinux patch:
dev-util/strace
sys-apps/stat (does anyone even use this?)
sys-apps/tar

Packages that will be adding or changing a SELinux patch:
app-admin/logrotate
net-misc/openssh
sys-apps/coreutils
sys-apps/findutils
sys-apps/procps
sys-apps/psmisc
sys-apps/util-linux
sys-apps/pam-login
sys-apps/vcron
sys-libs/pam
sys-libs/pwdb

Basically this will be in the DEPEND:
selinux? ( sys-libs/libselinux )

And something like this in the src_unpack:
use selinux && epatch ${FILESDIR}/${P}-selinux.diff


-- 
Chris PeBenito
<pebenito@gentoo.org>
Developer, SELinux
Hardened Gentoo Linux
 
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A  CB00 BC8E E42D E6AF 9243

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-dev] heads up for selinux

[James H. Cloos Jr.]

|> sys-apps/stat (does anyone even use this?)

Just for reference, stat(1) can be a very useful app when tracking
down why things are not working as expected.

|> ... as we need to iron out the upgrade path, ...

Is there a good upgrade path from USE=-selinux to USE=selinux?

I've been compiling my kernels w/ it (for now with
CONFIG_SECURITY_SELINUX_DEVELOP=y) but have not started
working on the user side of it.  

I've been waiting for a useable general purpose box w/ fine grained
capabilities¹ ever since the capability bits were added to the kernel.
(I cannot even remember how many years that is now. :)

-JimC

¹ Yes, I know there are not capabilities, but the grammer didn't look
  right using 'capability bits'. :-/



--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] heads up for selinux

[Chris PeBenito]

[-- Attachment #1: Type: text/plain, Size: 709 bytes --]

On Sat, 2003-08-16 at 13:27, James H. Cloos Jr. wrote:
> |> ... as we need to iron out the upgrade path, ...
> 
> Is there a good upgrade path from USE=-selinux to USE=selinux?

Check out the current SELinux quick start guide, which has instructions
for converting preexisting gentoo installs.  This has the instructions
for the old API, but the new API instructions will not be much more
invloved.

http://www.gentoo.org/proj/en/hardened/selinux-quickstart.xml

-- 
Chris PeBenito
<pebenito@gentoo.org>
Developer, SELinux
Hardened Gentoo Linux
 
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A  CB00 BC8E E42D E6AF 9243

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]