 
10-15-2011, 06:41 PM
Sven Vermeulen

Updated SELinux handbook

Hi lads,

I had some issues with my previous attempt on the SELinux handbook (a few
chapters were too detailed, others lacked the detail needed) so I updated a
few chapters and mixed some content left and right. The result is available
in the hardened-docs overlay for now, with a PDF preview at
http://goo.gl/DlHJD

I don't think dev.g.o allows me to put handbookXML on the site (only
GuideXML), but if they can, I'll put it there as well (the GuideXML support
on dev.g.o is currently being repaired).

The chapter I'm most satisfied with now is the one on http://bit.ly/nILZCG
which is imo the chapter first-time SELinux users need to read (right after
installing SELinux on their system).

Thoughts and comments always welcome. Saying "Current one is better" is also
accepted

Wkr,
Sven Vermeulen
 
10-15-2011, 09:06 PM
"Anthony G. Basile"

Updated SELinux handbook

On 10/15/2011 02:41 PM, Sven Vermeulen wrote:
> Hi lads,
>
> I had some issues with my previous attempt on the SELinux handbook (a few
> chapters were too detailed, others lacked the detail needed) so I updated a
> few chapters and mixed some content left and right. The result is available
> in the hardened-docs overlay for now, with a PDF preview at
> http://goo.gl/DlHJD
>
> I don't think dev.g.o allows me to put handbookXML on the site (only
> GuideXML), but if they can, I'll put it there as well (the GuideXML support
> on dev.g.o is currently being repaired).

I'm not sure what distinction you're trying to make between
handbookXML and GuideXML. If you mean gorg, dev.g.o has it.

>
> The chapter I'm most satisfied with now is the one on http://bit.ly/nILZCG
> which is imo the chapter first-time SELinux users need to read (right after
> installing SELinux on their system).
>
> Thoughts and comments always welcome. Saying "Current one is better" is also
> accepted
>
> Wkr,
> Sven Vermeulen


--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
 
10-16-2011, 01:58 PM
Sven Vermeulen

Updated SELinux handbook

On Sat, Oct 15, 2011 at 05:06:21PM -0400, Anthony G. Basile wrote:
> > I don't think dev.g.o allows me to put handbookXML on the site (only
> > GuideXML), but if they can, I'll put it there as well (the GuideXML support
> > on dev.g.o is currently being repaired).
>
> I'm not sure what distinction you're trying to make between
> handbookXML and GuideXML. If you mean gorg, dev.g.o has it.

I know, but last time I tried it, I got an internal server error. Seems that
this was a more global error with GuideXML support, but the folks at
infrastructure fixed it. Handbooks are possible indeed, so you can watch the
current SELinux handbook at
http://dev.gentoo.org/~swift/docs/previews/selinux/selinux-handbook.xml

Wkr,
Sven Vermeulen
 
10-19-2011, 12:35 PM
"J. Roeleveld"

Updated SELinux handbook

On Sat, October 15, 2011 8:41 pm, Sven Vermeulen wrote:
> Thoughts and comments always welcome. Saying "Current one is better" is
> also accepted

Hi Sven,

Thank you for your work on this. I am currently using the guide to see how
SELinux works.

In 4.1.5, the only ~arch package that is listed
(sys-process/vixie-cron-4.1-r11) is already available with "amd64".

Are there any other packages that need to be unmasked?

--
Joost
 
10-19-2011, 12:38 PM
Sven Vermeulen

Updated SELinux handbook

On Wed, Oct 19, 2011 at 02:35:31PM +0200, J. Roeleveld wrote:
> Thank you for your work on this. I am currently using the guide to see how
> SELinux works.
>
> In 4.1.5, the only ~arch package that is listed
> (sys-process/vixie-cron-4.1-r11) is already available with "amd64".

Ah yes, the package was stabilized. I'll update the documents accordingly.

> Are there any other packages that need to be unmasked?

There shouldn't be, although we're quite near a stabilization of the more
recent userspace utilities now (which is needed for the latest policies).

Wkr,
Sven Vermeulen
 
10-19-2011, 12:46 PM
"J. Roeleveld"

Updated SELinux handbook

On Wed, October 19, 2011 2:38 pm, Sven Vermeulen wrote:
> On Wed, Oct 19, 2011 at 02:35:31PM +0200, J. Roeleveld wrote:
>> Are there any other packages that need to be unmasked?
>
> There shouldn't be, although we're quite near a stabilization of the more
> recent userspace utilities now (which is needed for the latest policies).

If you think it is useful, can you provide me with a list of which
packages and versions are going to be stabilized soon and I will do the
test with those versions.
Then we're certain they'll do fine on a clean install done according to
the guide

--
Joost
 
10-19-2011, 12:50 PM
"J. Roeleveld"

Updated SELinux handbook

On Wed, October 19, 2011 2:38 pm, Sven Vermeulen wrote:
> On Wed, Oct 19, 2011 at 02:35:31PM +0200, J. Roeleveld wrote:
>> Thank you for your work on this. I am currently using the guide to see how
>> SELinux works.
>>
>> In 4.1.5, the only ~arch package that is listed
>> (sys-process/vixie-cron-4.1-r11) is already available with "amd64".
>
> Ah yes, the package was stabilized. I'll update the documents accordingly.

Not sure if both work, but shouldn't the file for unmasking packages be:
"/etc/portage/package.keywords" or "/etc/portage/package.keywords/...." ?

That's the file I have been using for years now to unmask files.

--
Joost
 
10-19-2011, 12:51 PM
Sven Vermeulen

Updated SELinux handbook

On Wed, Oct 19, 2011 at 2:46 PM, J. Roeleveld <joost@antarean.org> wrote:
> If you think it is useful, can you provide me with a list of which
> packages and versions are going to be stabilized soon and I will do the
> test with those versions.
> Then we're certain they'll do fine on a clean install done according to
> the guide

If I'm not mistaken, that would be:

sys-libs/libselinux
sys-apps/policycoreutils
sys-libs/libsemanage
sys-libs/libsepol
app-admin/setools
dev-python/sepolgen
sys-apps/checkpolicy
sec-policy/*

Wkr,
Sven Vermeulen
 
10-19-2011, 12:52 PM
Sven Vermeulen

Updated SELinux handbook

On Wed, Oct 19, 2011 at 2:50 PM, J. Roeleveld <joost@antarean.org> wrote:
> Not sure if both work, but shouldn't the file for unmasking packages be:
> "/etc/portage/package.keywords" or "/etc/portage/package.keywords/...." ?
>
> That's the file I have been using for years now to unmask files.

That's the old one (and still working), but for consistency's sake,
portage now uses /etc/portage/package.FOOBAR where FOOBAR is the same
as the variable in make.conf (so accept_keywords, accept_licenses,
...)

Wkr,
Sven Vermeulen
 
10-19-2011, 12:54 PM
"J. Roeleveld"

Updated SELinux handbook

On Wed, October 19, 2011 2:51 pm, Sven Vermeulen wrote:
> On Wed, Oct 19, 2011 at 2:46 PM, J. Roeleveld <joost@antarean.org> wrote:
>> If you think it is useful, can you provide me with a list of which
>> packages and versions are going to be stabilized soon and I will do the
>> test with those versions.
>> Then we're certain they'll do fine on a clean install done according to
>> the guide
>
> If I'm not mistaken, that would be:
>
> sys-libs/libselinux
> sys-apps/policycoreutils
> sys-libs/libsemanage
> sys-libs/libsepol
> app-admin/setools
> dev-python/sepolgen
> sys-apps/checkpolicy
> sec-policy/*
>
> Wkr,
> Sven Vermeulen

To the latest ~amd64? Or to which version?

--
Joost
 

All times are GMT.
