Hi guys,
The hardened-dev overlay now contains the newest set of SELinux userland
utilities. I've tested them with the current (2.20110726-r13) policy set and
they seem to work well now (finally, had to add a few patches here and
there).
The sad thing is, one of the issues was that libsemanage didn't support
policies without levels properly. The SELinux development mailinglist
mentioned that such policies get little test coverage as most (other)
distributions use a level-enabled policy type (MCS or MLS) anyhow. In
Gentoo, we still support strict/targeted (although MCS is definitely usable
as well).
As I don't want to become the testing ground for such policies, I'll see to
it that MCS becomes our default policy type as well, and that a (simple)
upgrade procedure is available for those still at strict or targeted.
It will also mean the docs will see some updates, and we'll need to add
selinux-unconfined as well as an (optionally installable) module.
Wkr,
Sven Vermeulen
