Had to edit /etc/init.d/root
by Sven Vermeulen, post on Sun 24 June 2012
For some reason, I had to edit my /etc/init.d/root file to use "mount /dev/root -n -o remount,rw /" instead of the standard "mount -n -o remount,rw /". Without this, it failed to remount the root file system in a read-write mode, which is of course not …
Overview of SELinux changes
by Sven Vermeulen, post on Sun 24 June 2012
Most users of Gentoo hardly take a look at the (installation) documentation when their installation has finished. After all, being a rolling distribution, there is little need to take a look at the instructions again. And for most Gentoo users, changes that are needed to be reviewed by existing users …
Python 3 support for SELinux userland, tests and policy rev 10
by Sven Vermeulen, post on Sat 26 May 2012
In the last few hours I pushed my local changes on the SELinux userland utilities towards the hardened-development overlay. The utilities not only include some bugfixes, but have now also seen a first set of tests towards Python 3.2. In the past, I've made a few attempts at making …
Catching up, but stuff is piling...
by Sven Vermeulen, post on Thu 24 May 2012
Those that frequent the #gentoo-hardened chat channel know that I'm currently trying to get the SELinux related utilities working under Python 3. This has progressed quite far, but I'm still not there yet. I'm now hitting a weird bug which seems to come down to an incorrect free() on …
Keeping /selinux
by Sven Vermeulen, post on Fri 04 May 2012
Just a very quick paragraph on a just-reported issue: if you upgrade your SELinux utilities to the latest version and you switch from /selinux to /sys/fs/selinux as the mountpoint for the SELinux file system, you might get into issues. Apparently, init (which is responsible for mounting the SELinux …
20120215 policies now stable
by Sven Vermeulen, post on Sun 29 April 2012
Today I've stabilized the sec-policy/selinux-* packages that provide the 20120215 "series" of SELinux policies. Together with the stabilization, the more recent userspace tools (like the policycoreutils as well as libraries like libsemanage and libselinux) have been pushed out as well. I will be dropping the older policies and userspace …
Chrooted BIND for IPv6 with SELinux
by Sven Vermeulen, post on Sat 14 April 2012
BIND, or Berkeley Internet Name Domain, is one of the Internet's most popular domain name service software (DNS). It has seen its set of security flaws in the past, which is not that strange as it is such a frequently used service on the Internet. In this post, I'll give …
Documentation updates for initramfs needed?
by Sven Vermeulen, post on Thu 12 April 2012
A quick help request from the community: if you know of any Gentoo documents that need updates in order for end users to know when and how to use initramfs, please file bugreports and have them block bug #407959. Currently, we have updated the Gentoo Handbook, Gentoo Quickinstall guides and …
Get your devtmpfs ready
by Sven Vermeulen, post on Sat 07 April 2012
If you are using stable profiles, you might want to verify if you are already running a kernel with devtmpfs support enabled. Why? Well, currently you might not need it, but the upcoming openrc/udev packages require it and they currently do not fail at install time if you have …
More on initramfs and SELinux
by Sven Vermeulen, post on Sun 25 March 2012
With the upcoming udev version not supporting separate /usr locations unless you boot with an initramfs, we are now starting to document how to create an initramfs to boot with. After all, systems with a separate /usr are not that uncommon.
As I've blogged about before, getting an initramfs to …