author: Sven Vermeulen <sven.vermeulen@siphos.be> 2011-07-13 23:38:27 +0200
committer: Sven Vermeulen <sven.vermeulen@siphos.be> 2011-07-13 23:38:27 +0200
commit: 9cc8a753e2194f68abb8215821979cb440126a5e (patch)
tree: a212b5a71bd3e977b2a2f591ebe3fa16f3b38bc6 /html
parent: RSBAC and SELinux: yes, but no. See bug #374991 (diff)
download: hardened-docs-9cc8a753e2194f68abb8215821979cb440126a5e.tar.gz
hardened-docs-9cc8a753e2194f68abb8215821979cb440126a5e.tar.bz2
hardened-docs-9cc8a753e2194f68abb8215821979cb440126a5e.zip
update previews
Diffstat (limited to 'html')
-rw-r--r-- html/pic-guide.html | 2
-rw-r--r-- html/roadmap.html | 8
-rw-r--r-- html/selinux-faq.html | 11
-rw-r--r-- html/selinux/hb-using-commands.html | 32
-rw-r--r-- html/selinux/modules/bind.html | 2
-rw-r--r-- html/selinux/modules/ldap.html | 2
-rw-r--r-- html/selinux/modules/ssh.html | 131
7 files changed, 177 insertions, 11 deletions
diff --git a/html/pic-guide.html b/html/pic-guide.html
index 843cb84..0b5fde9 100644
--- a/html/pic-guide.html
+++ b/html/pic-guide.html
@@ -68,7 +68,7 @@ or not. There are occasional architectures which don't make the
distinction, usually because all object code is position independent by
virtue of the Application Binary Interface (ABI), or less often because
the load address of the object is fixed at compile time, which implies
-that shared libraries are not supported by such a platform).
+that shared libraries are not supported by such a platform.
If an object is compiled as position independent code (PIC),
then the operating system can load the object at any address
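Review bot: the dropped closing parenthesis in "such a platform)" has no opening parenthesis anywhere in the surrounding context lines (from "There are occasional architectures" onward), so ending the sentence with "platform." is the right fix; the surrounding PIC explanation is otherwise unchanged.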
diff --git a/html/roadmap.html b/html/roadmap.html
index 25e8f71..ae59a97 100644
--- a/html/roadmap.html
+++ b/html/roadmap.html
@@ -287,15 +287,15 @@ of the packages.
</tr>
<tr>
<td class="tableinfo">Improve QA on SELinux packages (f.i. migrate patchbundles away from filesdir)</td>
- <td class="tableinfo">2011-07-01</td>
- <td class="tableinfo"><span class="code-keyword">On track</span></td>
+ <td class="tableinfo">2011-07-15</td>
+ <td class="tableinfo"><span class="code-variable">In progress</span></td>
<td class="tableinfo">blueness, SwifT</td>
<td class="tableinfo"><a href="https://bugs.gentoo.org/370927">#370927</a></td>
</tr>
<tr>
<td class="tableinfo">Stabilize the new SELinux profile structure</td>
<td class="tableinfo">2011-07-15</td>
- <td class="tableinfo"><span class="code-keyword">On track</span></td>
+ <td class="tableinfo"><span class="code-variable">In progress</span></td>
<td class="tableinfo">blueness, SwifT</td>
<td class="tableinfo"><a href="https://bugs.gentoo.org/365483">#365483</a></td>
</tr>
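Review bot: the first row's deadline moves from 2011-07-01 to 2011-07-15 and its status from "On track" to "In progress", with the span class switched from code-keyword to code-variable; the second row gets the same status and class change but already carried the 2011-07-15 date, so both QA/profile rows now read identically apart from their bug links, which is consistent. Since the class change is what drives the status colouring, check that code-variable is the class the roadmap uses for "In progress" in its other rows.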
@@ -311,7 +311,7 @@ of the packages.
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="roadmap.xml?style=printable">Print</a></p></td></tr>
-<tr><td class="topsep" align="center"><p class="alttext">Updated June 13, 2011</p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Updated July 10, 2011</p></td></tr>
<tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
A roadmap that plots current needs and goals of the
Hardened Gentoo project.
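Review bot: the sidebar date is set to "Updated July 10, 2011", but this commit is dated 2011-07-13 and the other pages touched in the same commit (selinux-faq.html, hb-using-commands.html) are bumped to July 13; as the roadmap table itself changed here, use July 13, 2011 for consistency.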
diff --git a/html/selinux-faq.html b/html/selinux-faq.html
index f202d8b..f3c097c 100644
--- a/html/selinux-faq.html
+++ b/html/selinux-faq.html
@@ -97,8 +97,13 @@ features of the compiler.
</p>
<p class="secthead"><a name="rsbac"></a><a name="doc_chap2_sect4">Can I use SELinux and RSBAC?</a></p>
<p>
-We don't know. If you try this combination, we would be very interested
-in its results.
+Yes, SELinux and RSBAC can be used together, but it is not recommended. The
+RSBAC framework that is added to the Linux Security Modules framework (which
+is used by SELinux) impacts performance for little added value.
+</p>
+<p>
+In most cases, it makes more sense to use RSBAC without SELinux, or SELinux
+without RSBAC.
</p>
<p class="secthead"><a name="filesystem"></a><a name="doc_chap2_sect5">Can I use SELinux with any file system?</a></p>
<p>
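Review bot: the new answer asserts that the combination "impacts performance for little added value" but gives readers nothing to follow up; the parent commit message cites bug #374991 for exactly this change, so link it from the answer the way the roadmap links bugs (`<a href="https://bugs.gentoo.org/...">`). The sentence "The RSBAC framework that is added to the Linux Security Modules framework (which is used by SELinux)" is also hard to parse; state plainly what RSBAC hooks into and where the performance cost comes from.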
@@ -471,7 +476,7 @@ Another fix would be to disable UBAC completely. This is accomplished with
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="selinux-faq.xml?style=printable">Print</a></p></td></tr>
-<tr><td class="topsep" align="center"><p class="alttext">Updated June 1, 2011</p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Updated July 13, 2011</p></td></tr>
<tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
Frequently Asked Questions on SELinux integration with Gentoo Hardened.
The FAQ is a collection of solutions found on IRC, mailinglist, forums or
diff --git a/html/selinux/hb-using-commands.html b/html/selinux/hb-using-commands.html
index d9b6904..6d6f21a 100644
--- a/html/selinux/hb-using-commands.html
+++ b/html/selinux/hb-using-commands.html
@@ -162,6 +162,36 @@ the last command example, dropping <span class="code" dir="ltr">-d</span> would
rules: for each domain that has file_type set, the search tries to find rules
that allow file-write access to that particular domain.
</p>
+<p>
+Another interesting functionality of the <span class="code" dir="ltr">sesearch</span> command is to show you
+the rules that are applicable depending on the state of a boolean. If you want
+to query on a particular boolean, use <span class="code" dir="ltr">-b</span>. If you want to see the logic
+that the policy uses, use <span class="code" dir="ltr">-C</span> (and yes, both can be combined).
+</p>
+<p>
+As an example, we'll check what we allow (or deny) when the <span class="code" dir="ltr">global_ssp</span>
+boolean is set:
+</p>
+<a name="doc_chap1_pre1"></a><table class="ntable" width="100%" cellspacing="0" cellpadding="0" border="0">
+<tr><td bgcolor="#7a5ada"><p class="codetitle">Code Listing1.1: Checking the policy regarding the global_ssp boolean</p></td></tr>
+<tr><td bgcolor="#eeeeff" align="left" dir="ltr"><pre>
+~# <span class="code-input">sesearch -b global_ssp -A -C -d</span>
+Found 2 semantic av rules:
+ET allow domain device_t : dir { getattr search open } ; [ global_ssp ]
+ET allow domain urandom_device_t : chr_file { ioctl read getattr lock open } ; [ global_ssp ]
+</pre></td></tr>
+</table>
+<p>
+The prefix you see shows two letters, relating to two important definitions:
+</p>
+<ul>
+ <li>
+ Is the rule currently <b>E</b>nabled or <b>D</b>isabled?
+ </li>
+ <li>
+ Does the boolean need to be set to <b>T</b>rue or <b>F</b>alse to enable the rule?
+ </li>
+</ul>
<p class="secthead"><a name="doc_chap1_sect1">Getting Security Context Information</a></p>
<p>
During administrative tasks, and especially when you are checking if a SELinux
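Review bot: the listing output ends every rule with "[ global_ssp ]", yet the explanation only covers the two-letter E/D and T/F prefix; add a sentence saying that the bracketed expression is the boolean condition the rule depends on, since that is what -C prints. The command also passes -d although the paragraph just above ties -d to matching the source/target type of the earlier example; with no -s or -t in this query, either say what -d contributes here or drop it so readers do not think it is needed for boolean searches.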
@@ -352,7 +382,7 @@ require you to enter the regular users' password.
</p>
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="alttext">Updated May 31, 2011</p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Updated July 13, 2011</p></td></tr>
<tr lang="en"><td align="center" class="topsep">
<p class="alttext"><b>Donate</b> to support our development efforts.
</p>
diff --git a/html/selinux/modules/bind.html b/html/selinux/modules/bind.html
index 522f2a4..d801cbe 100644
--- a/html/selinux/modules/bind.html
+++ b/html/selinux/modules/bind.html
@@ -130,7 +130,7 @@ master/slave setups.
--><br>
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="selinux/modules/apache.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="selinux/modules/bind.xml?style=printable">Print</a></p></td></tr>
<tr><td class="topsep" align="center"><p class="alttext">Updated July 9, 2011</p></td></tr>
<tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
Within SELinux, the bind module is responsible for defining the BIND
diff --git a/html/selinux/modules/ldap.html b/html/selinux/modules/ldap.html
index 64dda6e..597a8f7 100644
--- a/html/selinux/modules/ldap.html
+++ b/html/selinux/modules/ldap.html
@@ -105,7 +105,7 @@ module.
--><br>
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
-<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="selinux/modules/apache.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="selinux/modules/ldap.xml?style=printable">Print</a></p></td></tr>
<tr><td class="topsep" align="center"><p class="alttext">Updated July 9, 2011</p></td></tr>
<tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
Within SELinux, the ldap module is responsible for defining the openldap
diff --git a/html/selinux/modules/ssh.html b/html/selinux/modules/ssh.html
new file mode 100644
index 0000000..ebe3ec4
--- /dev/null
+++ b/html/selinux/modules/ssh.html
@@ -0,0 +1,131 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<link title="new" rel="stylesheet" href="http://www.gentoo.org/../../css/main.css" type="text/css">
+<link REL="shortcut icon" HREF="http://www.gentoo.org/../../favicon.ico" TYPE="image/x-icon">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/packages-gentoo-org.xml" title="Gentoo Packages">
+<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
+<title>Gentoo Linux Documentation
+--
+ SELinux SSH Module</title>
+</head>
+<body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0">
+<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/../../images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr>
+<tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr>
+<td width="99%" class="content" valign="top" align="left">
+<table class="ncontent" align="center" width="90%" border="2px" cellspacing="0" cellpadding="4px"><tr><td bgcolor="#ddddff"><p class="note"><b>Disclaimer : </b>
+ This document is a work in progress and should not be considered official yet.
+ </p></td></tr></table>
+<br><h1>SELinux SSH Module</h1>
+<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
+ </span>Structure</p>
+<p class="secthead"><a name="doc_chap1_sect1">Domains</a></p>
+<br><a name="doc_chap1_fig1"></a><table cellspacing="0" cellpadding="0" border="0">
+<tr><td bgcolor="#7a5ada"><p class="codetitle">Figure1.1: General SSH domain overview</p></td></tr>
+<tr><td align="center" bgcolor="#ddddff"><img src="./images/sshdomain.png" alt="Fig. 1: General SSH domain overview"></td></tr>
+</table>
+<br><p>
+The...
+</p>
+<p class="secthead"><a name="doc_chap1_sect2">File Types/Labels</a></p>
+<p>
+The following table lists the file type/labels defined in the <span class="code" dir="ltr">ldap</span>
+module.
+</p>
+<table class="ntable">
+<tr>
+ <td class="infohead"><b>Type</b></td>
+ <td class="infohead"><b>Function</b></td>
+ <td class="infohead"><b>Description</b></td>
+</tr>
+<tr>
+ <td class="tableinfo">slapd_exec_t</td>
+ <td class="tableinfo">Entrypoint</td>
+ <td class="tableinfo">Executable entry point for the slapd daemon binaries</td>
+</tr>
+<tr>
+ <td class="tableinfo">slapd_etc_t</td>
+ <td class="tableinfo">Configuration</td>
+ <td class="tableinfo">Label for OpenLDAP configuration files</td>
+</tr>
+<tr>
+ <td class="tableinfo">slapd_cert_t</td>
+ <td class="tableinfo">Configuration</td>
+ <td class="tableinfo">Label for certificate keystores used by OpenLDAP</td>
+</tr>
+<tr>
+ <td class="tableinfo">slapd_db_t</td>
+ <td class="tableinfo">Configuration</td>
+ <td class="tableinfo">Label for the OpenLDAP database files (backend content)</td>
+</tr>
+<tr>
+ <td class="tableinfo">slapd_replog_t</td>
+ <td class="tableinfo">Configuration</td>
+ <td class="tableinfo">Label for the slurpd replication log location</td>
+</tr>
+<tr>
+ <td class="tableinfo">slapd_lock_t</td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo">Label for the lock files (runtime)</td>
+</tr>
+<tr>
+ <td class="tableinfo">slapd_tmp_t</td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo">Label for the temporary files</td>
+</tr>
+<tr>
+ <td class="tableinfo">slapd_var_run_t</td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo">Label for the runtime variable data</td>
+</tr>
+<tr>
+ <td class="tableinfo">slapd_initrc_exec_t</td>
+ <td class="tableinfo"></td>
+ <td class="tableinfo">Label for non-Gentoo init script</td>
+</tr>
+</table>
+<br><p class="copyright">
+ The contents of this document, unless otherwise expressly stated, are licensed under the <a href="http://creativecommons.org/licenses/by-sa/2.5">CC-BY-SA-2.5</a> license. The <a href="http://www.gentoo.org/main/en/name-logo.xml"> Gentoo Name and Logo Usage Guidelines </a> apply.
+ </p>
+<!--
+ <rdf:RDF xmlns="http://web.resource.org/cc/"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
+ <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
+ <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
+ <permits rdf:resource="http://web.resource.org/cc/Distribution" />
+ <requires rdf:resource="http://web.resource.org/cc/Notice" />
+ <requires rdf:resource="http://web.resource.org/cc/Attribution" />
+ <permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
+ <requires rdf:resource="http://web.resource.org/cc/ShareAlike" />
+ </License>
+ </rdf:RDF>
+--><br>
+</td>
+<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
+<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="selinux/modules/ssh.xml?style=printable">Print</a></p></td></tr>
+<tr><td class="topsep" align="center"><p class="alttext">Updated July 9, 2011</p></td></tr>
+<tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
+Within SELinux, the SSH module is responsible for defining what openssh can do
+</p></td></tr>
+<tr><td align="left" class="topsep"><p class="alttext">
+ <a href="mailto:sven.vermeulen@siphos.be" class="altlink"><b>Sven Vermeulen</b></a>
+<br><i>Author</i><br></p></td></tr>
+<tr lang="en"><td align="center" class="topsep">
+<p class="alttext"><b>Donate</b> to support our development efforts.
+ </p>
+<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
+<input type="hidden" name="cmd" value="_xclick"><input type="hidden" name="business" value="paypal@gentoo.org"><input type="hidden" name="item_name" value="Gentoo Linux Support"><input type="hidden" name="item_number" value="1000"><input type="hidden" name="image_url" value="http://www.gentoo.org/images/paypal.png"><input type="hidden" name="no_shipping" value="1"><input type="hidden" name="return" value="http://www.gentoo.org"><input type="hidden" name="cancel_return" value="http://www.gentoo.org"><input type="image" src="http://images.paypal.com/images/x-click-but21.gif" name="submit" alt="Donate to Gentoo">
+</form>
+</td></tr>
+<tr lang="en"><td align="center"><iframe src="http://sidebar.gentoo.org" scrolling="no" width="125" height="850" frameborder="0" style="border:0px padding:0x" marginwidth="0" marginheight="0"><p>Your browser does not support iframes.</p></iframe></td></tr>
+</table></td>
+</tr></table></td></tr>
+<tr><td colspan="2" align="right" class="infohead">
+Copyright 2001-2011 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
+</td></tr>
+</table></body>
+</html>
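Review bot: the new ssh.html is a skeleton whose content is not SSH's: the File Types/Labels section says the table lists types "defined in the ldap module" and every row is an slapd_* type with OpenLDAP descriptions carried over from ldap.html, the Domains section body is the placeholder "The...", and the sidebar says "Updated July 9, 2011" although the file is added in this 2011-07-13 commit. The work-in-progress disclaimer covers the placeholder, but the copied table reads as wrong information rather than missing information; replace it with the types the ssh module actually defines (or leave it out until written), change the "ldap" reference to "ssh", and add the missing period to the summary "defining what openssh can do".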