* [gentoo-hardened] Updates on SELinux (base) policy and packages
@ 2011-07-07 18:51 Sven Vermeulen
From: Sven Vermeulen @ 2011-07-07 18:51 UTC
To: gentoo-hardened
Hi lads,
I've pushed a few changes to the hardened-dev.git overlay, ready for your
mass inspection and testing. The changes include:
- sec-policy/selinux-base-policy-2.20101213-r18
  * Allow portage (using gentoo_portage_allow_nfs boolean) to work with
    NFS-mounted file systems
  * Fix a few openrc issues, including gcc-config support
  * Allow firefox plugins to work again
  * Fix support for syslog & postgresql init scripts
  * Allow mount to use the context= option for most types (not only file
    system types)
- sec-policy/selinux-mozilla-2.20101213-r3
  * Support proxies and tor
- sec-policy/selinux-rpc-2.20101213-r1
  * Allow rpcd_t to listen to udp_socket (needed for NFS to work)
- sys-apps/policycoreutils-2.0.82-r2
  * Support for Python 3
- sys-libs/libsemanage-2.0.45-r1
  * Support for Python 3
Beware about the policycoreutils: it has a file in files/ that needs to be
placed on a correct location. If you want to try it out, copy it to your
distfiles. I couldn't just use FILESDIR since there were more than a few
changes needed in the ebuild. Right now, if you don't copy it to your
distfiles, it'll give a fetch failure (it'll search on the distfiles).
Perhaps blueness wants to put the change in dev.g.o somewhere and adjust the
ebuild in the overlay?
Anyhow, these items fix the following bugs:
- #373673 portage fails to emerge with /usr portage on nfs with selinux
- #369089 sys-libs/libsemanage-2.0.45 fails to emerge
- #371425 postgresql-9.0 init script not SELinux-compatible with current
  policies
I did try to get libselinux to support python 3 too, but failed miserably on
that. Even the patch that fedora uses to support python 3 doesn't work here
(various python scripts, including the _selinux.py from Portage, do not seem
to be happy with the string -> bytes or string -> unicode or ... changes
that occur). I might take another stab at this in the future, but for now
I've had about it :-(
Wkr,
Sven Vermeulen