Hi all,

I had no issues turning a no-multilib (hardened/linux/amd64/no-multilib) system into a SELinux enabled one. I did not, however, change profiles, as the feedback I've received earlier indicates that the profiles might have some... weird things happening ;-)

So I just made local overrides in /etc/portage/profile:

- make.defaults
    USE="selinux -acl"
    FEATURES="selinux sesandbox sfperms"
    PORTAGE_T="portage_t"
    PORTAGE_FETCH_T="portage_fetch_t"
    PORTAGE_SANDBOX_T="portage_sandbox_t"

- package.mask
    * Unmask sec-policy/*
    * Mask sec-policy/selinux-*-3 and higher (to force the use of the 2.20101213 ones)
    * Unmask setools, sepolgen, checkpolicy, libselinux, libsemanage, policycoreutils

- package.use.force
    sys-apps/portage python2

- package.use.mask
    sys-apps/portage python3

- profile.bashrc
    SANDBOX_WRITE="${SANDBOXWRITE}:/selinux/"
    SANDBOX_WRITE="${SANDBOXWRITE}:/proc/self/"

- use.force
    selinux

- use.mask
    -hardened
    -selinux
    emul-linux-x86
    multilib
    x264
    tcc

Runs in enforcing mode (strict policy), gcc -v shows "--disable-multilib".

Wkr,
  Sven Vermeulen