Summary: | <=sec-policy/selinux-base-policy-2.20120725-r8 provides unconfined and collides with sec-policy/selinux-unconfined | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Andreis Vinogradovs ( slepnoga ) <andreis.vinogradovs> |
Component: | SELinux | Assignee: | Sven Vermeulen (RETIRED) <swift> |
Status: | VERIFIED FIXED | ||
Severity: | normal | CC: | selinux |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | sec-policy r9 | ||
Package list: | Runtime testing required: | --- |
Description
Andreis Vinogradovs ( slepnoga )
2012-11-26 16:12:11 UTC
Hmm, it's indeed offered by the selinux-base-policy already. I might just remove the selinux-unconfined package alltogether. (In reply to comment #1) > Hmm, it's indeed offered by the selinux-base-policy already. I might just > remove the selinux-unconfined package alltogether. may need to add a block ? Actually, I need to do the inverse: do not have selinux-base-policy provide unconfined. Its needed to support mls/mcs properly as those do not have a "strict/targeted" separation which we have for the normal policies. Also, this is how it is handled "upstream" as well. Okay, we will be supporting USE=unconfined so that, if a user uses SELinux policy types "mcs" or "mls", then USE=unconfined will update their configuration to use the unconfined domains (for users, i.e. in the seusers file, as well as by depending on selinux-unconfined). For the "targeted" and "strict" the current behavior remains (i.e. targeted = strict with unconfined in). If you use the live ebuilds, they should support this already. Otherwise, this change will propagate with the r9 (and later) releases. r9 in hardened-dev overlay r9 in main repo, ~arch'ed Forgot to mention... stabilized a while ago ;) |