12-07-2011, 01:07 PM
"Anthony G. Basile"

Adding a new selinux profile to default/linux/{amd64,x86}/10.0

Hi everyone,

Some time ago the selinux team restructured the selinux profiles and
made a features/selinux which could be stacked on the hardened profiles
for x86/amd64. At that time I also tested and found that it stacked
fine on default/linux/{amd64,x86}/10.0. I'm emailing the list to see if
there's any reason why we shouldn't add
default/linux/{amd64,x86}/10.0/selinux. Currently I prefer adding it
directly to 10.0 rather than 10.0/server because the status of the latter
is uncertain. Selinux on the desktops is not being strongly supported
so it's not appropriate there either, leaving only 10.0/selinux. If
added, eselect profile list would show

[1] default/linux/amd64/10.0
[2] default/linux/amd64/10.0/selinux
[3] default/linux/amd64/10.0/desktop
[4] default/linux/amd64/10.0/desktop/gnome
[5] default/linux/amd64/10.0/desktop/kde
[6] default/linux/amd64/10.0/developer
[7] default/linux/amd64/10.0/no-multilib
[8] default/linux/amd64/10.0/server
[9] hardened/linux/amd64 *
[10] hardened/linux/amd64/selinux
[11] hardened/linux/amd64/no-multilib
[12] hardened/linux/amd64/no-multilib/selinux

Any objections?

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
 
12-07-2011, 05:44 PM
Mike Frysinger

Adding a new selinux profile to default/linux/{amd64,x86}/10.0

On Wednesday 07 December 2011 09:07:41 Anthony G. Basile wrote:
> Some time ago the selinux team restructured the selinux profiles and
> made a features/selinux which could be stacked on the hardened profiles
> for x86/amd64. At that time I also tested and found that it stacked
> fine on default/linux/{amd64,x86}/10.0. I'm emailing the list to see if
> there's any reason why we shouldn't add
> default/linux/{amd64,x86}/10.0/selinux. Currently I prefer adding it
> directly to 10.0 rather than 10.0/server because the status of the latter
> is uncertain. Selinux on the desktops is not being strongly supported
> so it's not appropriate there either, leaving only 10.0/selinux. If
> added, eselect profile list would show
>
> [1] default/linux/amd64/10.0
> [2] default/linux/amd64/10.0/selinux
> [3] default/linux/amd64/10.0/desktop
> [4] default/linux/amd64/10.0/desktop/gnome
> [5] default/linux/amd64/10.0/desktop/kde
> [6] default/linux/amd64/10.0/developer
> [7] default/linux/amd64/10.0/no-multilib
> [8] default/linux/amd64/10.0/server
> [9] hardened/linux/amd64 *
> [10] hardened/linux/amd64/selinux
> [11] hardened/linux/amd64/no-multilib
> [12] hardened/linux/amd64/no-multilib/selinux

we have the selinux/ root. is that no longer necessary ?
-mike
 
12-07-2011, 11:16 PM
"Anthony G. Basile"

Adding a new selinux profile to default/linux/{amd64,x86}/10.0

On 12/07/2011 01:44 PM, Mike Frysinger wrote:
> On Wednesday 07 December 2011 09:07:41 Anthony G. Basile wrote:
>> Some time ago the selinux team restructured the selinux profiles and
>> made a features/selinux which could be stacked on the hardened profiles
>> for x86/amd64. At that time I also tested and found that it stacked
>> fine on default/linux/{amd64,x86}/10.0. I'm emailing the list to see if
>> there's any reason why we shouldn't add
>> default/linux/{amd64,x86}/10.0/selinux. Currently I prefer adding it
>> directly to 10.0 rather than 10.0/server because the status of the latter
>> is uncertain. Selinux on the desktops is not being strongly supported
>> so it's not appropriate there either, leaving only 10.0/selinux. If
>> added, eselect profile list would show
>>
>> [1] default/linux/amd64/10.0
>> [2] default/linux/amd64/10.0/selinux
>> [3] default/linux/amd64/10.0/desktop
>> [4] default/linux/amd64/10.0/desktop/gnome
>> [5] default/linux/amd64/10.0/desktop/kde
>> [6] default/linux/amd64/10.0/developer
>> [7] default/linux/amd64/10.0/no-multilib
>> [8] default/linux/amd64/10.0/server
>> [9] hardened/linux/amd64 *
>> [10] hardened/linux/amd64/selinux
>> [11] hardened/linux/amd64/no-multilib
>> [12] hardened/linux/amd64/no-multilib/selinux
>
> we have the selinux/ root. is that no longer necessary ?
> -mike

We deprecated that when we moved to the features/selinux. The point was
to avoid duplication and maintain all selinux profile stuff in one
place, then just stack it on top of other profiles like we did with [10]
and [12] above. We now want to extend it to [2].

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
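
The stacking discussed in this thread, as an added illustration that is not part of any message and is not Gentoo's or Portage's own code: a small resolver that walks `parent` files depth-first to show which layers a stacked profile such as 10.0/selinux pulls in, generalized to any profile directory. The directory names come from the thread; the contents of the `parent` files and the function names are assumptions made for the example.

```python
import os
import tempfile

# Constructed sample layout (profile dir -> lines of its "parent" file).
# Directory names follow the thread; the parent-file contents are assumptions.
SAMPLE = {
    "base": [],
    "features/selinux": [],
    "default/linux": ["../../base"],
    "default/linux/amd64": [".."],
    "default/linux/amd64/10.0": [".."],
    "default/linux/amd64/10.0/selinux": ["..", "../../../../../features/selinux"],
}

def resolve_profile(path, _active=()):
    """List profile dirs in the order their settings apply: each parent's
    chain first (depth-first, in file order), then the profile itself."""
    path = os.path.normpath(path)
    if path in _active:
        raise ValueError("cycle in parent chain at " + path)
    order = []
    parent_file = os.path.join(path, "parent")
    if os.path.isfile(parent_file):
        with open(parent_file) as fh:
            for line in fh:
                rel = line.strip()
                if rel:  # skip blank lines
                    order += resolve_profile(os.path.join(path, rel), _active + (path,))
    order.append(path)
    return order

def stacked_order(profile="default/linux/amd64/10.0/selinux"):
    """Build SAMPLE in a temp dir and return the resolved stack, relative to its root."""
    with tempfile.TemporaryDirectory() as root:
        for rel_dir, parents in SAMPLE.items():
            os.makedirs(os.path.join(root, rel_dir), exist_ok=True)
            if parents:
                with open(os.path.join(root, rel_dir, "parent"), "w") as fh:
                    fh.write("\n".join(parents) + "\n")
        chain = resolve_profile(os.path.join(root, profile))
        return [os.path.relpath(p, root) for p in chain]

if __name__ == "__main__":
    for layer in stacked_order():
        print(layer)
```

Because later layers override earlier ones, the single features/selinux directory is applied on top of the plain 10.0 chain without duplicating any of its settings.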
 
