12-27-2011, 05:05 PM
Sven Vermeulen
SELinux base policy rev 9 in hardened-dev

Hi guys,

In the hardened-dev overlay you can now find the SELinux policy revision 9
(and its affiliated modules). The included changes are:

- <bug #330767> Include virtualization files & update policy to allow
libvirtd to work in Gentoo
- <bug #394315> Allow direct command execution from sudo (requires the
latest sudo with SELinux support though)
- <no bug> Update skype policy (allow writing to xdg_config_home_t &
reading network state)
- <no bug> Drop compatibility for older baselayout (openrc fully stable)
- <no bug> Have dontaudit for Xserver reading /proc/* (PIDs)

All in all, a small set of changes. There are a few bugs still open for which I'm
having difficulty getting the right information or getting them reproduced,
especially those that are mostly based on running in permissive mode, since it
is very hard then to find out what would be happening if the system were
running in enforcing.

On a side note, I've moved the SELinux module documentation to the Gentoo
Wiki @ http://wiki.gentoo.org/wiki/SELinux and I've also copied quite a few
entries from our FAQ into the Knowledge Base.

Sven Vermeulen
05-15-2012, 06:06 PM
Sven Vermeulen
SELinux base policy rev 9 in hardened-dev

Hi guys,

I've pushed out rev 9 of the base policies to the hardened-dev overlay. It
includes the following changes:

** 2012-05-15 Revision 9

<no bug> Introduce named file transition support in policies
<no bug> Eliminate "*_except_auth_files" expressions through new
attribute (backport)
<no bug> Update symbol in clamav_append_log interface (backport)
#411719 Update python scripts to further enhance support #python3
#413065 Allow passwd_t to read default context definitions
#413061 Allow groupadd_t to read default context definitions
#410951 Use /usr/lib and /lib instead of the /usr/lib(64)? and
similar calls

Sven Vermeulen
