From Gentoo Wiki

The SELinux node is an experimental image, ready to run inside a Qemu/KVM guest, offering a Gentoo Hardened system with SELinux and IMA/EVM enabled.

The node is a small environment (about 1.6 Gbyte of used space) that offers a minimal installation. The image itself is created for 50 Gbyte but can of course be resized with the proper tools.

The image can be found on the mirrors, in experimental/amd64/qemu-selinux/.


To use the image, start it up with the following options:

Option        Description
-cpu kvm64    Run with the KVM 64-bit enabled CPU, needed as the image is built for x86_64



The image will run the DHCP client service (if you can tell me how to disable that as well, please), but does not enable any interfaces or any network-facing daemons explicitly.


  • version NEXT
    • Larger updates
    • Smaller updates
      • askkeymap and keymaps were both loaded; whatever came last decided on the keymap. Removed keymaps from the boot runlevel.
      • now using hardened-sources-3.8.7
  • version 20130224
    • Add in IMA/EVM support
    • Drop nano editor again (vim is used - people can "emerge nano" if needed)
  • version 20120712
    • Somewhat 'major' updates
      • Add in asking for keyboard layout (it was set to be-latin1 previously)
    • More 'minor' updates
      • Use short DHCP timeout (5 seconds)
      • Fix error message when calling man selinuxnode
      • Add in nano
      • use ~arch for some selinux userspace tools (these include some necessary fixes)
  • version 20120630
    • Initial release