| 1 |
On Tue, 2005-04-19 at 11:24 -0600, Jason K Larson wrote: |
| 2 |
> Is this the best method for all archs, or was this just the suggestion |
| 3 |
> for AMD64? |
| 4 |
|
| 5 |
You're talking about three different architectures so I'm a little |
| 6 |
confused, but I'll try to answer anyway. |
| 7 |
|
| 8 |
> I'm looking to deploy 2x PPC G4s as (secured) Internet Kiosks using |
| 9 |
> hardened and selinux. The traffic will be controled by a third PPC G4 |
| 10 |
> that will act as a firewall/gateway for the other two running an |
| 11 |
> iptables firewall. |
| 12 |
|
| 13 |
There is no PPC pie-ssp SELinux profile, since no one has requested it. |
| 14 |
In fact I only know of 1 or 2 people that even use SELinux on PPC other |
| 15 |
then me (though that doesn't mean that there isn't more). I don't know |
| 16 |
what the status of pie-ssp on non-x86 archs is. |
| 17 |
|
| 18 |
> If I understand this correctly from watching the lists. The best method |
| 19 |
> is to use the no-multilib profile and add the hardened (+pic +pie?) to |
| 20 |
> USE flags and then follow the selinux guide to convert to selinux. Is |
| 21 |
> it really that different to use a hardened profile? |
| 22 |
|
| 23 |
The SELinux AMD64 profile is multilib, and there is no option for |
| 24 |
no-multilib. If you try to convert a no-multilib system over to the |
| 25 |
SELinux profile, I don't know what will happen. So if pie-ssp on AMD64 |
| 26 |
wants to be no-multilib, then you will be out of luck. |
| 27 |
|
| 28 |
> Also, when converting to selinux, I noticed a |
| 29 |
> selinux/2004.1/x86/hardened profile, while that doesn't help me for the |
| 30 |
> PPC platform, is that a recommened route for my x86 boxes? |
| 31 |
|
| 32 |
If you are looking for SELinux-pie-ssp, yes. |
| 33 |
|
| 34 |
-- |
| 35 |
Chris PeBenito |
| 36 |
<pebenito@g.o> |
| 37 |
Developer, |
| 38 |
Hardened Gentoo Linux |
| 39 |
Embedded Gentoo Linux |
| 40 |
|
| 41 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
| 42 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
Archives