From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RYMUp-0001PY-8L for garchives@archives.gentoo.org; Wed, 07 Dec 2011 18:45:35 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5B6D221C383; Wed, 7 Dec 2011 18:45:26 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 39CC121C393 for ; Wed, 7 Dec 2011 18:44:42 +0000 (UTC) Received: from vapier.localnet (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id A1EE61B400E for ; Wed, 7 Dec 2011 18:44:41 +0000 (UTC) From: Mike Frysinger Organization: wh0rd.org To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] Adding a new selinux profile to default/linux/{amd64,x86}/10.0 Date: Wed, 7 Dec 2011 13:44:44 -0500 User-Agent: KMail/1.13.7 (Linux/3.1.0-atsc; KDE/4.6.5; x86_64; ; ) References: <4EDF732D.2040700@gentoo.org> In-Reply-To: <4EDF732D.2040700@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart6690787.DVVo8vdZ9h"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <201112071344.45411.vapier@gentoo.org> X-Archives-Salt: 03b3e228-269c-4ddf-ac52-0393743913cc X-Archives-Hash: cf47abc6e78c40ff860cef621952f70f --nextPart6690787.DVVo8vdZ9h Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable On Wednesday 07 December 2011 09:07:41 Anthony G. Basile wrote: > Some time ago the selinux team restructured the selinux profiles and > made a features/selinux which could be stacked on the hardened profiles > for x86/amd64. At that time I also tested and found that it stacked > fine on default/linux/{amd64,x86}/10.0. I'm emailing the list to see if > there's any reason why we shouldn't add > default/linux/{amd64,x86}/10.0/selinux. Currently I prefer adding it > directly to 10.0 rather than 10.0/server because the status of the later > is uncertain. Selinux on the desktops is not being strongly supported > so its not appropriate there either, leaving only 10.0/selinux. If > added eselect profile list would show >=20 > [1] default/linux/amd64/10.0 > [2] default/linux/amd64/10.0/selinux > [3] default/linux/amd64/10.0/desktop > [4] default/linux/amd64/10.0/desktop/gnome > [5] default/linux/amd64/10.0/desktop/kde > [6] default/linux/amd64/10.0/developer > [7] default/linux/amd64/10.0/no-multilib > [8] default/linux/amd64/10.0/server > [9] hardened/linux/amd64 * > [10] hardened/linux/amd64/selinux > [11] hardened/linux/amd64/no-multilib > [12] hardened/linux/amd64/no-multilib/selinux we have the selinux/ root. is that no longer necessary ? =2Dmike --nextPart6690787.DVVo8vdZ9h Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iQIcBAABAgAGBQJO37QdAAoJEEFjO5/oN/WBnQUQAN5QJPiLlS0IJJThIDvveFjw J1/B4sL4A6LtduekeOLQ8OhmxwsUraXQRXlnbSvhil0ib70x2kmgE67wZO8IklsH HnXlybVpO5xpQH0jttSNZBgMyuSP71FWt90MRo/+xm4dQ32WNC7nGebrnO5tQ3Za Z2XqPxSSSSjiF/W26xI+3vHkqnkCWGnT3xXPTfC+gjPfGLCVGwoa1O+mv4s6ely7 Dx18llMdnjHdzkJcMk2kcR3zCEIU9AtmiY6YchOKhPETFCgHeYAqc43sUH748aaW dJxZJkCTLNZUhKt3vqmUrzeNEaPmMCjL2/pzV0O8HKjQdEwFUHv7lhJUSAnC6QSS Cw3ZwZmfnTPRtyWRTPkDfqO2eJBxOyg9lUWRNjlK+Lx2W6Z9RU+cUpa98U9gOMZ/ lVy3ZNWDTVVkhiBJycmVM/lABBE3/Mu12EkjrcNQAUAIY8Mz7KlT4pUF4EGE5wTS vdhOfeIsz0kQcjO7nFeOJZrC4O/LYRMdI7Vsvc9icxW6HBHzK7IKjb1i2CklcDgY JOyFp9WG71u3/ZDgNk/7Cccp1LoSIilgH0Ls6HUync0u4KmfJyHIRCJQrkLGyC1U aaR4EtW8UC9YNbgBWsJiQxx/gy1W5YBM0/avF1XA3yUdq7Ogy77cvvJ/38hNbZkD Fs45gktCDSuuoUsECV4L =9ujX -----END PGP SIGNATURE----- --nextPart6690787.DVVo8vdZ9h--