Hi guys,
I've been able to succesfully install a Gentoo Hardened SELinux system ('t
was time to verify if the installation instructions are still correct ;-)
and things are looking good. Although for SELinux policies there are still
quite a few bugs open, I don't see any regressions wrt r5, so it's time to
push out r6.
So, here you have it. On the hardened-dev overlay you can now find r6 ready
for your hammering. For those interested in the changes, I can't provide
them in the mail anymore as there are too many of them (896 commits to be
exact), the majority coming from upstream. The following bugs should be
resolved with it though (excluding bugs that are only for live ebuilds).
#438068 Shorewall fails to start
#436474 Chromium fails to start, problem with xdg_config_home_t
#434892 nginx should have access to httpd_sys_rw_content_t
#437222 postgresql_stream_connect should provide access to /run/postgresql
#439798 Dovecot needs access to its configuration files
#438840 Logwatch requires correct file context
#438362 No reason to transition to ldconfig_t from within portage
#436688 Wrong context for vdagent definition
#434888 phpfpm uses stream sockets
#433084 Introduce rtorrent policy
Wkr,
Sven Vermeulen
I've been able to succesfully install a Gentoo Hardened SELinux system ('t
was time to verify if the installation instructions are still correct ;-)
and things are looking good. Although for SELinux policies there are still
quite a few bugs open, I don't see any regressions wrt r5, so it's time to
push out r6.
So, here you have it. On the hardened-dev overlay you can now find r6 ready
for your hammering. For those interested in the changes, I can't provide
them in the mail anymore as there are too many of them (896 commits to be
exact), the majority coming from upstream. The following bugs should be
resolved with it though (excluding bugs that are only for live ebuilds).
#438068 Shorewall fails to start
#436474 Chromium fails to start, problem with xdg_config_home_t
#434892 nginx should have access to httpd_sys_rw_content_t
#437222 postgresql_stream_connect should provide access to /run/postgresql
#439798 Dovecot needs access to its configuration files
#438840 Logwatch requires correct file context
#438362 No reason to transition to ldconfig_t from within portage
#436688 Wrong context for vdagent definition
#434888 phpfpm uses stream sockets
#433084 Introduce rtorrent policy
Wkr,
Sven Vermeulen
