* [gentoo-hardened] Updated SELinux handbook
From: Sven Vermeulen @ 2011-10-15 18:41 UTC
To: gentoo-hardened
Hi lads,
I had some issues with my previous attempt on the SELinux handbook (a few
chapters were too detailed, others lacked the detail needed) so I updated a
few chapters and mixed some content left and right. The result is available
in the hardened-docs overlay for now, with a PDF preview at
http://goo.gl/DlHJD
I don't think dev.g.o allows me to put handbookXML on the site (only
GuideXML), but if they can, I'll put it there as well (the GuideXML support
on dev.g.o is currently being repaired).
The chapter I'm most satisfied with now is the one on http://bit.ly/nILZCG
which is imo the chapter first-time SELinux users need to read (right after
installing SELinux on their system).
Thoughts and comments always welcome. Saying "Current one is better" is also
accepted ;)
Wkr,
Sven Vermeulen
* Re: [gentoo-hardened] Updated SELinux handbook
From: Anthony G. Basile @ 2011-10-15 21:06 UTC
To: gentoo-hardened
On 10/15/2011 02:41 PM, Sven Vermeulen wrote:
> Hi lads,
>
> I had some issues with my previous attempt on the SELinux handbook (a few
> chapters were too detailed, others lacked the detail needed) so I updated a
> few chapters and mixed some content left and right. The result is available
> in the hardened-docs overlay for now, with a PDF preview at
> http://goo.gl/DlHJD
>
> I don't think dev.g.o allows me to put handbookXML on the site (only
> GuideXML), but if they can, I'll put it there as well (the GuideXML support
> on dev.g.o is currently being repaired).
I'm not sure what distinction you're trying to make between
handbookXML and GuideXML. If you mean gorg, dev.g.o has it.
>
> The chapter I'm most satisfied with now is the one on http://bit.ly/nILZCG
> which is imo the chapter first-time SELinux users need to read (right after
> installing SELinux on their system).
>
> Thoughts and comments always welcome. Saying "Current one is better" is also
> accepted ;)
>
> Wkr,
> Sven Vermeulen
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
* Re: [gentoo-hardened] Updated SELinux handbook
From: Sven Vermeulen @ 2011-10-16 13:58 UTC
To: gentoo-hardened
On Sat, Oct 15, 2011 at 05:06:21PM -0400, Anthony G. Basile wrote:
> > I don't think dev.g.o allows me to put handbookXML on the site (only
> > GuideXML), but if they can, I'll put it there as well (the GuideXML support
> > on dev.g.o is currently being repaired).
>
> I'm not sure what distinction you're trying to make between
> handbookXML and GuideXML. If you mean gorg, dev.g.o has it.
I know, but last time I tried it, I got an internal server error. Seems that
this was a more global error with GuideXML support, but the folks at
infrastructure fixed it. Handbooks are possible indeed, so you can watch the
current SELinux handbook at
http://dev.gentoo.org/~swift/docs/previews/selinux/selinux-handbook.xml
Wkr,
Sven Vermeulen
* Re: [gentoo-hardened] Updated SELinux handbook
From: J. Roeleveld @ 2011-10-19 12:35 UTC
To: gentoo-hardened
On Sat, October 15, 2011 8:41 pm, Sven Vermeulen wrote:
> Thoughts and comments always welcome. Saying "Current one is better" is
> also accepted ;)
Hi Sven,
Thank you for your work on this. I am currently using the guide to see how
SELinux works.
In 4.1.5, the only ~arch package that is listed
(sys-process/vixie-cron-4.1-r11) is already available with "amd64".
Are there any other packages that need to be unmasked?
--
Joost
* Re: [gentoo-hardened] Updated SELinux handbook
From: Sven Vermeulen @ 2011-10-19 12:38 UTC
To: gentoo-hardened
On Wed, Oct 19, 2011 at 02:35:31PM +0200, J. Roeleveld wrote:
> Thank you for your work on this. I am currently using the guide to see how
> SELinux works.
>
> In 4.1.5, the only ~arch package that is listed
> (sys-process/vixie-cron-4.1-r11) is already available with "amd64".
Ah yes, the package was stabilized. I'll update the documents accordingly.
> Are there any other packages that need to be unmasked?
There shouldn't be, although we're quite near a stabilization of the more
recent userspace utilities now (which is needed for the latest policies).
Wkr,
Sven Vermeulen
* Re: [gentoo-hardened] Updated SELinux handbook
From: J. Roeleveld @ 2011-10-19 12:46 UTC
To: gentoo-hardened
On Wed, October 19, 2011 2:38 pm, Sven Vermeulen wrote:
> On Wed, Oct 19, 2011 at 02:35:31PM +0200, J. Roeleveld wrote:
>> Are there any other packages that need to be unmasked?
>
> There shouldn't be, although we're quite near a stabilization of the more
> recent userspace utilities now (which is needed for the latest policies).
If you think it is useful, can you provide me with a list of which
packages and versions are going to be stabilized soon and I will do the
test with those versions.
Then we're certain they'll do fine on a clean install done according to
the guide :)
--
Joost
* Re: [gentoo-hardened] Updated SELinux handbook
From: J. Roeleveld @ 2011-10-19 12:50 UTC
To: gentoo-hardened
On Wed, October 19, 2011 2:38 pm, Sven Vermeulen wrote:
> On Wed, Oct 19, 2011 at 02:35:31PM +0200, J. Roeleveld wrote:
>> Thank you for your work on this. I am currently using the guide to see
>> how
>> SELinux works.
>>
>> In 4.1.5, the only ~arch package that is listed
>> (sys-process/vixie-cron-4.1-r11) is already available with "amd64".
>
> Ah yes, the package was stabilized. I'll update the documents accordingly.
Not sure if both work, but shouldn't the file for unmasking packages be:
"/etc/portage/package.keywords" or "/etc/portage/package.keywords/...." ?
That's the file I have been using for years now to unmask files.
--
Joost
* Re: [gentoo-hardened] Updated SELinux handbook
From: Sven Vermeulen @ 2011-10-19 12:51 UTC
To: gentoo-hardened
On Wed, Oct 19, 2011 at 2:46 PM, J. Roeleveld <joost@antarean.org> wrote:
> If you think it is useful, can you provide me with a list of which
> packages and versions are going to be stabilized soon and I will do the
> test with those versions.
> Then we're certain they'll do fine on a clean install done according to
> the guide :)
If I'm not mistaken, that would be:
sys-libs/libselinux
sys-apps/policycoreutils
sys-libs/libsemanage
sys-libs/libsepol
app-admin/setools
dev-python/sepolgen
sys-apps/checkpolicy
sec-policy/*
Wkr,
Sven Vermeulen
* Re: [gentoo-hardened] Updated SELinux handbook
From: Sven Vermeulen @ 2011-10-19 12:52 UTC
To: gentoo-hardened
On Wed, Oct 19, 2011 at 2:50 PM, J. Roeleveld <joost@antarean.org> wrote:
> Not sure if both work, but shouldn't the file for unmasking packages be:
> "/etc/portage/package.keywords" or "/etc/portage/package.keywords/...." ?
>
> That's the file I have been using for years now to unmask files.
That's the old one (and still working), but for consistency's sake,
portage now uses /etc/portage/package.FOOBAR where FOOBAR is the same
as the variable in make.conf (so accept_keywords, accept_licenses,
...)
Wkr,
Sven Vermeulen
* Re: [gentoo-hardened] Updated SELinux handbook
From: J. Roeleveld @ 2011-10-19 12:54 UTC
To: gentoo-hardened
On Wed, October 19, 2011 2:51 pm, Sven Vermeulen wrote:
> On Wed, Oct 19, 2011 at 2:46 PM, J. Roeleveld <joost@antarean.org> wrote:
>> If you think it is useful, can you provide me with a list of which
>> packages and versions are going to be stabilized soon and I will do the
>> test with those versions.
>> Then we're certain they'll do fine on a clean install done according to
>> the guide :)
>
> If I'm not mistaken, that would be:
>
> sys-libs/libselinux
> sys-apps/policycoreutils
> sys-libs/libsemanage
> sys-libs/libsepol
> app-admin/setools
> dev-python/sepolgen
> sys-apps/checkpolicy
> sec-policy/*
>
> Wkr,
> Sven Vermeulen
To the latest ~amd64? Or to which version? :)
--
Joost
* Re: [gentoo-hardened] Updated SELinux handbook
From: Sven Vermeulen @ 2011-10-19 12:56 UTC
To: gentoo-hardened
On Wed, Oct 19, 2011 at 2:54 PM, J. Roeleveld <joost@antarean.org> wrote:
> To the latest ~amd64? Or to which version? :)
Latest is fine (for now ;-)
Wkr,
Sven Vermeulen
* Re: [gentoo-hardened] Updated SELinux handbook
From: J. Roeleveld @ 2011-10-19 14:17 UTC
To: gentoo-hardened
On Wed, October 19, 2011 2:56 pm, Sven Vermeulen wrote:
> On Wed, Oct 19, 2011 at 2:54 PM, J. Roeleveld <joost@antarean.org> wrote:
>> To the latest ~amd64? Or to which version? :)
>
> Latest is fine (for now ;-)
>
> Wkr,
> Sven Vermeulen
Ok, selecting latest.
Compared to the latest snapshot, there is a newer gcc (4.5) than in the
snapshot (4.4).
Does it make sense to recompile everything with 4.5 (IOW, emerge -e world)?
Am asking due to a message related to PAX_MEMORY_STACKLEAK when compiling
the kernel.
--
Joost