On Tue, 2005-04-19 at 11:24 -0600, Jason K Larson wrote:
> Is this the best method for all archs, or was this just the suggestion
> for AMD64?

You're talking about three different architectures so I'm a little
confused, but I'll try to answer anyway.

> I'm looking to deploy 2x PPC G4s as (secured) Internet Kiosks using
> hardened and selinux. The traffic will be controlled by a third PPC G4
> that will act as a firewall/gateway for the other two running an
> iptables firewall.

There is no PPC pie-ssp SELinux profile, since no one has requested it.
In fact I only know of 1 or 2 people that even use SELinux on PPC other
than me (though that doesn't mean that there aren't more). I don't know
what the status of pie-ssp on non-x86 archs is.

> If I understand this correctly from watching the lists, the best method
> is to use the no-multilib profile and add the hardened (+pic +pie?) to
> USE flags and then follow the selinux guide to convert to selinux. Is
> it really that different to use a hardened profile?

The SELinux AMD64 profile is multilib, and there is no option for
no-multilib. If you try to convert a no-multilib system over to the
SELinux profile, I don't know what will happen. So if pie-ssp on AMD64
wants to be no-multilib, then you will be out of luck.

> Also, when converting to selinux, I noticed a
> selinux/2004.1/x86/hardened profile, while that doesn't help me for the
> PPC platform, is that a recommended route for my x86 boxes?

If you are looking for SELinux-pie-ssp, yes.

--
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243