On Tue, 2006-09-26 at 20:36 -0400, Andy Dustman wrote:
> So what's the status of Gentoo SELinux these days? The handbook seems
> to be updated in the last month, so I guess it's not dead. Just hard
> for me (as a non-dev) to see much going on. I have noticed though that
> glibc-2.4 and gcc-4 are still masked, which makes me think this is
> what was previously referred to by a "non-broken toolchain"? Or are
> migration problems the real issue (based on comments in package.mask)?
> Are anywhere close to having a selinux/2006.1 profile or is 2007.0
> more realistic? And for a new installation, it looks like it might be
> best to avoid 2006.1 in favor of 2006.0 or earlier, since 2006.1 has
> glibc-2.4 and gcc-4.1.

Waiting for the next SELinux toolchain release, which has fixes we need for the refpolicy configuration that will be used. I'm told this should be released in the next week or so. This is the toolchain we're referring to.

Glibc 2.4 and gcc 4.1 being masked is because the hardened compiler is not available in gcc yet. However, SELinux userland now needs glibc 2.4, so unfortunately people running hardened SELinux systems will be in trouble until the hardened compiler is available for gcc 4.1.

The policy ebuilds and eclass are ready, and the docs are mostly written. We just need the next toolchain release (which also blocks refpolicy's release). Then we'll put out a profile and then those that want to test can do so.

--
Chris PeBenito <[EMAIL PROTECTED]>
Developer,
Hardened Gentoo Linux
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
