diff options
| author |   Sven Vermeulen <sven.vermeulen@siphos.be> | 2012-05-07 22:06:18 +0200 |
|---|---|---|
| committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2012-05-07 22:06:18 +0200 |
| commit | de8df879dbb5c649f8f49b36c9df9d6cb4f7edd5 (patch) | |
| tree | c623c7cd34378de227dc19fbb801c5a796e90a3b | |
| parent | Adding blurb on using /selinux for now (diff) | |
| download | hardened-docs-de8df879dbb5c649f8f49b36c9df9d6cb4f7edd5.tar.gz hardened-docs-de8df879dbb5c649f8f49b36c9df9d6cb4f7edd5.tar.bz2 hardened-docs-de8df879dbb5c649f8f49b36c9df9d6cb4f7edd5.zip | |
Reverting change from /sys/fs/selinux to /selinux, need it until Portage is stabilized
| -rw-r--r-- | xml/selinux/hb-using-install.xml | 26 |
1 files changed, 5 insertions, 21 deletions
diff --git a/xml/selinux/hb-using-install.xml b/xml/selinux/hb-using-install.xml index 6a58a58..2ecf08c 100644 --- a/xml/selinux/hb-using-install.xml +++ b/xml/selinux/hb-using-install.xml @@ -7,8 +7,8 @@ <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-install.xml,v 1.4 2011/06/07 19:46:52 klondike Exp $ --> <sections> -<version>23</version> -<date>2012-05-06</date> +<version>24</version> +<date>2012-05-07</date> <section> <title>Installing Gentoo (Hardened)</title> @@ -285,26 +285,10 @@ tools or configurations that apply. /bin/hostname.old</c>. </li> <!-- - TODO When the fix is accepted in the portage code and that portage version is - stabilized, the change is not needed anymore. + TODO When portage fix is stabilized, convert docs to /sys/fs/selinux --> - <li> - Edit <path>/etc/sandbox.conf</path> and add in - <path>/sys/fs/selinux/context</path> to the <c>SANDBOX_WRITE</c> parameter. - This is currently needed to work around bug <uri - link="https://bugs.gentoo.org/410687">410687</uri>. - </li> </ul> -<p> -Previously (before <path>sys-libs/libselinux-2.1.9</path> was stabilized) the -location of the SELinux file system was <path>/selinux</path>. This location can -still be used (the recent libselinux implementations are currently backwards -compatible with it) and, due to <uri link="https://bugs.gentoo.org/14779">bug -14779</uri>, is still the location to use if you do not boot with an initramfs -that premounts <path>/sys</path>. -</p> - </body> </subsection> <subsection> @@ -412,7 +396,7 @@ Next, edit <path>/etc/fstab</path> and add the following two lines: <pre caption="Enabling selinux-specific file system options"> <comment># The udev mount is due to bug #373381</comment> udev /dev tmpfs rw,rootcontext=system_u:object_r:device_t,seclabel,nosuid,relatime,size=10m,mode=755 0 0 -none /sys/fs/selinux selinuxfs defaults 0 0 +none /selinux selinuxfs defaults 0 0 </pre> <note> @@ -428,7 +412,7 @@ level, so <c>...:device_t:s0</c>. <p> With the above changes made, reboot your system. Assert yourself that you are -now running a Linux kernel with SELinux enabled (the <path>/sys/fs/selinux</path> file +now running a Linux kernel with SELinux enabled (the <path>/selinux</path> file system should be mounted). Don't worry - SELinux is at this point not activated. </p> |