Greetings;
Not sure if this is the right list to ask in, but I figure I'll go ahead
and ask anyway.
At the moment I'm currently on the 13.0/desktop/gnome/systemd profile,
and I'd like to enable SELinux. I know that there is a 13.0/selinux
profile (as well as the hardened profiles) but I was wondering if
there's any documentation (or perhaps someone can offer some guidance)
on doing this while maintaining the current profile.
I've had a look at the SELinux handbook [1], however it only says to
perform the migration using the profiles (and the 'selinux' use flag is
always marked as "do not do this yourself").
My concern is that if I were to migrate to the 13.0/selinux profile, I
would also loose all of the profile default use flags, masks, etc. that
the current profile enables.
I could go through the time and effort of identifying the changes
between the profiles, but that would be a lot of work for only a
potential success (I'd probably end up missing something); besides, I
don't feel that would be the "right" way to do it.
Any suggestions or pointers would be greatly appreciated.
Cheers;
wraeth
[1] http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml
Not sure if this is the right list to ask in, but I figure I'll go ahead
and ask anyway.
At the moment I'm currently on the 13.0/desktop/gnome/systemd profile,
and I'd like to enable SELinux. I know that there is a 13.0/selinux
profile (as well as the hardened profiles) but I was wondering if
there's any documentation (or perhaps someone can offer some guidance)
on doing this while maintaining the current profile.
I've had a look at the SELinux handbook [1], however it only says to
perform the migration using the profiles (and the 'selinux' use flag is
always marked as "do not do this yourself").
My concern is that if I were to migrate to the 13.0/selinux profile, I
would also loose all of the profile default use flags, masks, etc. that
the current profile enables.
I could go through the time and effort of identifying the changes
between the profiles, but that would be a lot of work for only a
potential success (I'd probably end up missing something); besides, I
don't feel that would be the "right" way to do it.
Any suggestions or pointers would be greatly appreciated.
Cheers;
wraeth
[1] http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml