Simplicity is a form of art...

Gentoo metadata support for CPE
by Sven Vermeulen, post on Fri 10 May 2013

Recently, the metadata.xml file syntax definition (the DTD for those that know a bit of XML) has been updated to support CPE definitions. A CPE (Common Platform Enumeration) is an identifier that describes an application, operating system or hardware device using its vendor, product name, version, update, edition and …

New SELinux userspace release
by Sven Vermeulen, post on Fri 26 April 2013

A new release of the SELinux userspace utilities was recently announced. I have made the packages for Gentoo available and they should now be in the main tree (~arch of course). During the testing of the packages however, I made the stupid mistake of running the tests on the wrong …

Gentoo protip: using buildpkgonly
by Sven Vermeulen, post on Thu 25 April 2013

If you don't want to have the majority of builds run in the background while you are busy on the system, but you don't want to automatically install software in the background when you are not behind your desk, then perhaps you can settle for using binary packages. I'm not …

SLOT'ing the old swig-1
by Sven Vermeulen, post on Tue 23 April 2013

The SWIG tool helps developers in building interfaces/libraries that can be accessed from many languages other than the ones the library is initially written in or for. The SELinux userland utility setools uses it to provide Python and Ruby interfaces even though the application itself is written in C …

Introducing selocal for small SELinux policy enhancements
by Sven Vermeulen, post on Sun 21 April 2013

When working with an SELinux-enabled system, administrators will eventually need to make small updates to the existing policy. Instead of building their own full policy (always an option, but most likely not maintainable in the long term) one or more SELinux policy modules are created (most distributions use a modular …

Transforming GuideXML to DocBook
by Sven Vermeulen, post on Sat 20 April 2013

I recently committed an XSL stylesheet that allows us to transform the GuideXML documents (both guides and handbooks) to DocBook. This isn't part of a more elaborate move to try and push DocBook instead of GuideXML for the Gentoo Documentation though (I'd rather direct documentation development more to the Gentoo …

Another Gentoo Hardened month has passed
by Sven Vermeulen, post on Thu 18 April 2013

Another month has passed, so time to mention again what we have all been doing lately ;-)

Toolchain

Version 4.8 of GCC is available in the tree, but currently masked. The package contains a fix needed to build hardened-sources, and a fix for the asan (address sanitizer). asan support in …

Not needing run_init for password-less service management
by Sven Vermeulen, post on Tue 09 April 2013

One of the things that has been bugging me was why, even with having pam_rootok.so set in /etc/pam.d/run_init, I cannot enjoy passwordless service management without using run_init directly:

# rc-service postgresql-9.2 status
Authenticating root.
Password:

# run_init rc-service postgresql-9.2 status
Authenticating root …

Separate puppet provider for Gentoo/SELinux?
by Sven Vermeulen, post on Sun 07 April 2013

While slowly transitioning my playground infrastructure towards Puppet, I am already in the process of creating a custom provider for things such as services. Puppet uses providers as "implementations" for the functions Puppet needs. For instance, for the service type (which handles init script services), there are providers for RedHat, Debian …

Matching packages with CVEs
by Sven Vermeulen, post on Thu 04 April 2013

I've come across a few posts on forums (Gentoo and elsewhere) asking why Gentoo doesn't make security-related patches on the tree. Some people think this is the case because they do not notice (m)any GLSAs, which are Gentoo's security advisories. However, it isn't that Gentoo doesn't push out security …