Leaderboard

There has been a lot of updates to Funtoo Linux 1.4 since its release -- most of these not officially announced. So it would be a good idea to make an official announcement of many of them: SELinux Updates Firefox and Firefox-bin 69, updated thunderbird. New gfxcard-nvidia-legacy mix-in for older drivers. Updated NVIDIA drivers to latest releases. Conky updated. kde-plasma merge fixes. mesa merge fixes and version bump. ffpmeg updated to latest release, with fixes for arm-64bit. Latest Spotify release added. Openrc net-online major improvements. New Language added: crystal (check it out) debian-sources/debian-sources-lts updates and now compile using your -march settings (since custom-cflags is now enabled by default.) Prior to this they compiled using generic 64-bit optimizations on x86-64bit. New encrypted-root mix-in to be used to enable LUKS in genkernel/debian-sources(-lts). To use, enable this mix-in and re-build your debian-sources(-lts) kernel. Rust-kit is now at 1.37-prime New dev-lua/lua and fixes for lua-using packages. Ebuilds using lua-5.2+ should use the new dev-lua/lua ebuild (not the legacy dev-lua/lua.) fwupd bumped to 1.3.1 nginx, nginx-unit, dovecot, php, mariadb vivaldi updated dovecot updated Anything I forgot? Follow up in this discussion thread. MANY OF THESE FIXES WERE SUBMITTED BY OUR USERS! Thanks to bcowan, perfinion, jhan, tux, tczaude, KlipKyle, scottfurry and anyone I forgot to mention for making Funtoo better for everyone ? ? ?

Hey All, I've gone ahead and updated Funtoo Linux 1.4 to contain the latest implementation of SELinux from Gentoo. SELinux is working well under Funtoo now. To use it, see the SELinux page on the Funtoo wiki. Also reference the https://wiki.gentoo.org/wiki/SELinux/Installation and https://wiki.gentoo.org/wiki/SELinux pages for documentation reference. These Gentoo wiki pages were originally put together by SwiFT and are excellent, and the SELinux team has kept them up-to-date (I must give credit where credit is due ?. We need to work on our modest SELinux wiki page here to improve it: https://www.funtoo.org/SELinux If you are new to SELinux, here are the basic steps. Enable the SELinux mix-in, emerge the SELinux tools as well as policies, rebuild world and etc-update, apply security labels to files, enable in kernel in "permissive mode" -- where it just logs things but doesn't "block" anything, and then start to play. In your /etc/boot.conf, you'll want to add "security=selinux enforcing=0" to your "params +=" line and re-run "ego boot update" to get the kernel booting properly. This is assuming you are using debian-sources or debian-sources-lts. Funtoo is also helping perfinion (find him in #gentoo-base on freenode) in Gentoo test the SELinux-next security policies. Here is how you can test them: 1. Add the following to package.keywords: sec-policy/selinux-* ** 2. Then emerge @selinux-rebuild to reinstall all the 9999 policies (to be used with 2.9 userspace) 3. Do a full relabel. 4. Reboot. Then, you can run and start auditd which will generate logs of what SELinux activity is going on. After your initial reboot into the new SELinux, start auditd with empty logs, and keep it running as you go about your business. After a few days of using Funtoo as you normally would, these logs can be useful to the SELinux team to determine if the new policies are working as expected. Of particular interest is the use of elogind under SELinux. Once using the new SELinux-next policies, 'ps auxfZ | grep logind' should be in the systemd_logind_t domain. Thanks to perfinion and the SELinux team for moving SELinux forward! Let's help them ?