Gentoo Hardened SELinux Change Overview
1. Introduction
About this document
This document gives an overview of all documented SELinux changes, listed by
date, that users may need to act on. Changes that only affect ~arch users are
documented below and moved up once they are stabilized. Such changes may,
however, be "fixed" automatically and as such removed from this page.
2. Overview of Changes for Stable Users
2012/05/26 - Support of initramfs
Users who boot with an initramfs will need to boot in permissive mode first, and
later on switch to enforcing mode. This can be done automatically using an
init script, as documented at Initramfs users.
2012/05/26 - Support for graphical login managers
Users who boot into a graphical environment (such as through GDM) will need to
edit their PAM configuration files accordingly to support SELinux security
context settings. This is documented at Users of a graphical environment.
2012/05/18 - No more sandbox configuration needed
The previously documented editing of /etc/sandbox.conf to open
write access to /sys/fs/selinux/context can be removed as the
SELinux profile does this now automatically.
2012/04/29 - Edit of lvm-start/stop scripts no longer needed
When users install the newly stabilized 2.20120215 policies, the documented
editing of /lib/rcscripts/addons/lvm-st*.sh is no longer needed.
2012/02/21 - /dev mount line in fstab no longer needed
The previously documented /dev mount line in /etc/fstab is no
longer needed as util-linux-2.20.1-r1 has been marked stable (which
contains the correct bug fix).
2011/12/10 - Deprecation of selinux/v2refpolicy/* profiles
The old SELinux profiles (starting with selinux/v2refpolicy) are not
supported anymore. Users are strongly encouraged to switch to the new profiles
(those ending with /selinux).
2011/07/22 - Introduction of MLS/MCS support
We now support the MLS and MCS SELinux policy types alongside targeted and
strict. When using MLS or MCS, you will need to update the /tmp entry in your
/etc/fstab to use rootcontext=system_u:object_r:tmp_t:s0 (note the trailing :s0
sensitivity level).
3. Overview of Changes for ~Arch Users
2012/05/26 - Definition of /run in fstab
Users who have a /run location will need to add an entry for it to their
/etc/fstab to make sure it gets mounted with the right SELinux context.
For users of the strict and targeted SELinux policy types:
Code Listing 3.1: /etc/fstab setting for strict or targeted
tmpfs /run tmpfs mode=0755,nosuid,nodev,rootcontext=system_u:object_r:var_run_t 0 0
For users of other policy types (MLS or MCS):
Code Listing 3.2: /etc/fstab setting for other policy type users
tmpfs /run tmpfs mode=0755,nosuid,nodev,rootcontext=system_u:object_r:var_run_t:s0 0 0
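The two fstab variants above (and the /tmp entry from the MLS/MCS note in section 2) differ only in the trailing :s0 on the rootcontext= option, which is easy to get wrong when switching policy types. The following is an added example, not part of the Gentoo documentation: a POSIX sh check that reads an fstab from stdin and reports whether the tmpfs entry for a mount point carries the rootcontext= value that the given policy type expects. The function name and the sample fstab are constructed for this example.

```shell
#!/bin/sh
# Verify that an fstab (read on stdin) mounts MNT as tmpfs with the rootcontext=
# option the given SELinux policy type expects: strict/targeted use the plain
# type, MLS/MCS need the trailing ":s0" sensitivity level.
# Usage: check_selinux_fstab <policytype> <mountpoint> <selinux-type> < /etc/fstab
# Exit status 0 when the entry is present and correct, 1 otherwise (reason printed).
check_selinux_fstab() {
    policy=$1; mnt=$2; setype=$3
    case $policy in
        mls|mcs)         want="system_u:object_r:${setype}:s0" ;;
        strict|targeted) want="system_u:object_r:${setype}" ;;
        *) echo "$mnt: unknown policy type '$policy'"; return 1 ;;
    esac
    # First non-comment line whose second field (the mount point) is MNT
    line=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { print; exit }')
    [ -n "$line" ] || { echo "$mnt: no fstab entry"; return 1; }
    fstype=$(echo "$line" | awk '{ print $3 }')
    opts=$(echo "$line" | awk '{ print $4 }')
    [ "$fstype" = tmpfs ] || { echo "$mnt: expected tmpfs, found $fstype"; return 1; }
    # Pull the value of the rootcontext= option out of the comma-separated list
    ctx=$(echo "$opts" | tr ',' '\n' | sed -n 's/^rootcontext=//p')
    [ -n "$ctx" ] || { echo "$mnt: no rootcontext= option"; return 1; }
    [ "$ctx" = "$want" ] || { echo "$mnt: rootcontext is $ctx, expected $want"; return 1; }
    echo "$mnt: ok ($ctx)"
}

# Constructed sample fstab (not a real system's file): a /run entry written for
# strict/targeted and a /tmp entry that already carries the MLS/MCS ":s0".
SAMPLE_FSTAB='# constructed /etc/fstab
/dev/sda2 / ext4 noatime 0 1
tmpfs /run tmpfs mode=0755,nosuid,nodev,rootcontext=system_u:object_r:var_run_t 0 0
tmpfs /tmp tmpfs rootcontext=system_u:object_r:tmp_t:s0 0 0'

printf '%s\n' "$SAMPLE_FSTAB" | check_selinux_fstab strict /run var_run_t
printf '%s\n' "$SAMPLE_FSTAB" | check_selinux_fstab mcs /tmp tmp_t
# The same /run line is wrong for MLS/MCS, which need the trailing :s0
printf '%s\n' "$SAMPLE_FSTAB" | check_selinux_fstab mls /run var_run_t \
    || echo "(expected failure: add :s0 to the rootcontext= option)"
```

On a real system, take the policy type argument from the SELINUXTYPE setting in /etc/selinux/config and feed the function the actual /etc/fstab.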
The contents of this document, unless otherwise expressly stated, are licensed under the CC-BY-SA-2.5 license. The Gentoo Name and Logo Usage Guidelines apply.