For those following the progress of SELinux support in Gentoo Hardened...
In the hardened-development overlay, the
has been updated, hopefully fixing a nasty issue with support for the
targeted policy (up to today, I only tested strict policies so I missed
that). It also fixes an issue with dhcpcd not functioning properly. If
you use SELinux and don't have the hardened-development overlay yet,
please use layman -a hardened-development, synchronize (layman
-S) and update your system to get the latest base policy. Also, please
report bugs on Gentoo Bugzilla (and perhaps
immediately add email@example.com to the Cc list).
The Gentoo Hardened SELinux Handbook, still in draft, has gotten a few updates. It now documents the use of the gentoo_try_dontaudit boolean, which the Gentoo Hardened SELinux developers use to hide potentially cosmetic denials. If they are truly cosmetic, they will be reported upstream later to be included in the reference policy. If they are not, users can simply toggle the boolean (setsebool gentoo_try_dontaudit off; add -P to make the change survive a reboot) to see the denials that the developers hid.
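As an added example (not code from the handbook or the Gentoo Hardened project), the script below wraps the procedure just described: it saves the current value of gentoo_try_dontaudit, switches it off for the duration of one command, summarises the AVC denials that became visible, and restores the boolean afterwards. The avc_summary function reduces raw AVC records to unique (source context, target context, class, permissions) tuples so the hidden denials are easy to compare against what the policy already allows. The AVC lines in sample_avc are constructed for illustration; the contexts and paths in them are not taken from any real denial. with_dontaudit_off needs root on an SELinux-enabled host and returns 2 when the SELinux tools are not present, so avc_summary can still be exercised on a machine without SELinux.

```shell
#!/bin/sh
# Reduce AVC records on stdin to unique "scontext tcontext tclass perms" lines.
# Works on both auditd (ausearch) and kernel log (dmesg) formats, since both
# carry the "avc:  denied  { perms } ... scontext= tcontext= tclass=" fields.
avc_summary() {
  sed -n 's/.*denied *{ *\([^}]*[^ ]\) *} .*scontext=\([^ ]*\) tcontext=\([^ ]*\) tclass=\([^ ]*\).*/\2 \3 \4 \1/p' \
    | sort -u
}

# Constructed sample denials (illustrative contexts, not from a real system):
# two identical dhcpcd denials on resolv.conf and one on its own state file.
sample_avc() {
  cat <<'EOF'
type=AVC msg=audit(1300000000.101:41): avc:  denied  { read } for  pid=2003 comm="dhcpcd" name="resolv.conf" dev=sda1 ino=1001 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:net_conf_t tclass=file
type=AVC msg=audit(1300000000.102:42): avc:  denied  { read } for  pid=2004 comm="dhcpcd" name="resolv.conf" dev=sda1 ino=1001 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:net_conf_t tclass=file
type=AVC msg=audit(1300000000.103:43): avc:  denied  { read write } for  pid=2003 comm="dhcpcd" path="/var/lib/dhcpcd/dhcpcd-eth0.lease" dev=sda1 ino=2002 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:dhcpc_state_t tclass=file
EOF
}

# Run a command with gentoo_try_dontaudit switched off, print the denials that
# surfaced, then put the boolean back to its previous value. The temporary
# setsebool (no -P) does not persist across reboots, which is what we want here.
with_dontaudit_off() {
  if ! command -v getsebool >/dev/null 2>&1 || ! command -v setsebool >/dev/null 2>&1; then
    echo "SELinux userspace tools not available; nothing to toggle" >&2
    return 2
  fi
  saved=$(getsebool gentoo_try_dontaudit | awk '{ print $3 }')   # "on" or "off"
  setsebool gentoo_try_dontaudit off || return 1
  "$@"
  status=$?
  # Prefer the audit log when auditd is running; fall back to the kernel ring buffer.
  if command -v ausearch >/dev/null 2>&1; then
    ausearch -m avc -ts recent 2>/dev/null | avc_summary
  else
    dmesg | grep 'avc:  denied' | avc_summary
  fi
  setsebool gentoo_try_dontaudit "$saved"
  return "$status"
}

# Stand-alone demo: summarise the constructed sample, which needs no SELinux.
demo() {
  sample_avc | avc_summary
}

demo
```

On a real host you would call something like `with_dontaudit_off /etc/init.d/dhcpcd restart` and hand the summarised tuples to the bug report; duplicate records collapse into one line, so the report shows each distinct denial once.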
The Gentoo Hardened SELinux Policy now includes the naming convention on the SELinux policy packages with a very short explanation why this particular convention was chosen. The discussion on it can be found on the gentoo-hardened mailing list and the last online meeting.