author | Sven Vermeulen <sven.vermeulen@siphos.be> | 2011-12-17 11:52:47 +0100 |
---|---|---|
committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2011-12-17 11:52:47 +0100 |
commit | 874755a75c6184087ed4dee49f0d8b4f84295f0a (patch) | |
tree | fa9ff20cb16d094651060199d5195f5c9facf33a | |
parent | Add information on HOME=/, cfr bug #392699 (diff) | |
Reboot before relabeling, add blurb about etc-update/dispatch-conf
-rw-r--r-- | xml/selinux/hb-using-install.xml | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/xml/selinux/hb-using-install.xml b/xml/selinux/hb-using-install.xml index 85341cc..bd33761 100644 --- a/xml/selinux/hb-using-install.xml +++ b/xml/selinux/hb-using-install.xml @@ -7,8 +7,8 @@ <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-install.xml,v 1.4 2011/06/07 19:46:52 klondike Exp $ --> <sections> -<version>15</version> -<date>2011-12-10</date> +<version>16</version> +<date>2011-12-17</date> <section> <title>Installing Gentoo (Hardened)</title> @@ -473,7 +473,9 @@ it yet). Next, rebuild those packages affected by the profile change we did previously through a standard world update, taking into account USE-flag changes (as the new profile will change many default USE flags, including enabling the -<c>selinux</c> USE flag). +<c>selinux</c> USE flag). Don't forget to use <c>etc-update</c> or +<c>dispatch-conf</c> afterwards as some changes to configuration files need to +be made. </p> <pre caption="Update your Gentoo Linux system"> @@ -606,7 +608,7 @@ POLICY_TYPES="<i>strict</i>" </body> </subsection> <subsection> -<title>Label the File System</title> +<title>Reboot, and Label the File System</title> <body> <impo> @@ -617,7 +619,8 @@ manipulate during your day-to-day activities on your system. </impo> <p> -First relabel your devices and openrc related files. This will apply the +First reboot your system so that the installed policies are loaded. Now we +need to relabel your devices and openrc related files. This will apply the correct security contexts (labels) onto the necessary files. </p> 
@@ -671,9 +674,10 @@ correctly. For instance, if you have installed <body> <p> -Reboot your system. Log on and, if you have indeed installed Gentoo using the -hardened sources (as we recommended), enable the SSP SELinux boolean, allowing -every domain read access to the <path>/dev/urandom</path> device: +Reboot your system so that the newly applied file contexts are used. Log on +and, if you have indeed installed Gentoo using the hardened sources (as we +recommended), enable the SSP SELinux boolean, allowing every domain read +access to the <path>/dev/urandom</path> device: </p> <pre caption="Enabling the global_ssp boolean"> |
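Review bot: in the hunk at @@ -473, the added reminder to run <c>etc-update</c> or <c>dispatch-conf</c> "afterwards" sits in the paragraph above the "Update your Gentoo Linux system" listing, so a reader following the commands can miss it. Consider moving the sentence below the listing, or adding the step to the listing itself, and stating that it applies once the world update has finished.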
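Review bot: in the hunk at @@ -617, the new first sentence asks for a reboot "so that the installed policies are loaded" but does not say which SELinux mode the system is expected to come up in. The file system has not been labelled at this point, so state the expected mode here or point back to the step where it was configured. The sentence also switches from "we need to" to "your devices"; "Then relabel your devices and openrc related files" would keep the imperative used in the rest of the section.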
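Review bot: in the hunk at @@ -671, the re-wrapped paragraph still calls it "the SSP SELinux boolean" while the listing caption directly below names it global_ssp. Since the lines are being touched anyway, use the boolean's name in the text as well, for example "enable the <c>global_ssp</c> SELinux boolean", so the prose and the listing agree.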