aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSven Vermeulen <sven.vermeulen@siphos.be>2012-04-10 20:12:13 +0200
committerSven Vermeulen <sven.vermeulen@siphos.be>2012-04-10 20:12:13 +0200
commitfc8853d8d0954a11c738c24ed686c4e0b71064cd (patch)
treef5a0153e1c40c97f4e13132c456ae86e32ae27f0 /xml/selinux/hb-using-install.xml
parentupdate selinux roadmap (diff)
downloadhardened-docs-fc8853d8d0954a11c738c24ed686c4e0b71064cd.tar.gz
hardened-docs-fc8853d8d0954a11c738c24ed686c4e0b71064cd.tar.bz2
hardened-docs-fc8853d8d0954a11c738c24ed686c4e0b71064cd.zip
Fix bug #411365 - Only refer to staff_u when policy is strict
Diffstat (limited to 'xml/selinux/hb-using-install.xml')
-rw-r--r--xml/selinux/hb-using-install.xml13
1 files changed, 10 insertions, 3 deletions
diff --git a/xml/selinux/hb-using-install.xml b/xml/selinux/hb-using-install.xml
index ae3ce92..539586f 100644
--- a/xml/selinux/hb-using-install.xml
+++ b/xml/selinux/hb-using-install.xml
@@ -7,8 +7,8 @@
<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/hb-using-install.xml,v 1.4 2011/06/07 19:46:52 klondike Exp $ -->
<sections>
-<version>18</version>
-<date>2012-04-05</date>
+<version>19</version>
+<date>2012-04-10</date>
<section>
<title>Installing Gentoo (Hardened)</title>
@@ -707,7 +707,8 @@ access to the <path>/dev/urandom</path> device:
<body>
<p>
-Finally, we need to map the account(s) you use to manage your system (those
+If the <c>SELINUXTYPE</c> is set to <c>strict</c>, then we
+need to map the account(s) you use to manage your system (those
that need access to Portage) to the <c>staff_u</c> SELinux user. If not, none
of your accounts will be able to succesfully manage the system (except for
<c>root</c>, but then you will need to login as <c>root</c> directly and not
@@ -742,6 +743,12 @@ staff_u:sysadm_r:sysadm_t
</pre>
<p>
+If you however use a <c>targeted</c> policy, then the user you work with will be
+of type <e>unconfined_t</e> and will already have the necessary privileges to
+perform system administrative tasks.
+</p>
+
+<p>
With that done, enjoy - your first steps into the SELinux world are now made.
</p>