- The SELinux policies offered in the sec-policy category are based on the latest refpolicy release. The older policies have been removed from the Portage tree. The patches that we include in our policies are sent upstream and are eventually getting merged. This way we ensure that we keep the policies manageable (larger development audience), secure (more eyes looking at policy changes) and usable for other SELinux-enabled distributions.
- The userspace utilities to manage SELinux are also the latest ones available upstream; the older ones have been removed from the tree as well, to keep the number of ebuilds small enough.
- The Gentoo profiles that enable SELinux support are currently the selinux/v2refpolicy ones and the hardened/*/selinux ones. The former are the older profiles and were a bit more difficult to maintain. The latter ones are the newer profiles which have been running for quite some time now. Alas, we will be deprecating the selinux/v2refpolicy profiles pretty soon now.
- The various SELinux-related documents as offered on our subproject page are regularly cross-checked to ensure that they are up to date with the latest SELinux state of affairs. An additional guide will be created on how to report SELinux policy bugs in Bugzilla to ensure that we have the information that is needed to get a policy patch accepted upstream as well.
- On an HR note: Matt Thode (known as "prometheanfire") has joined the ranks of SELinux developers in Gentoo Hardened. I've also taken over the position as Gentoo Hardened SELinux subproject lead from Chris Pebenito.