| 1 |
Hi all, |
| 2 |
|
| 3 |
I just got my hands on a server on which I installed gentoo. I have |
| 4 |
quite some experience with Linux and gentoo, but it is the first time |
| 5 |
that I engaged in a gentoo-hardened installation. |
| 6 |
|
| 7 |
I have linux-headers-2.6.17-r1 installed and am running a |
| 8 |
2.6.17-hardened-r1 kernel in the selinux/x86/2006.1 profile. |
| 9 |
|
| 10 |
I am following the instructions on |
| 11 |
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2&chap=1 |
| 12 |
but encouter a few problems: |
| 13 |
|
| 14 |
1/ |
| 15 |
emerging glibc always fails with |
| 16 |
|
| 17 |
!!! nptl glibc did not pass make check |
| 18 |
|
| 19 |
my USE flags vor glibc are "glibc-omitfp nptl nptlonly selinux -build |
| 20 |
-glibc-compat20 hardened -multilib -nls -profile" |
| 21 |
|
| 22 |
I tried compiling with nptlonly, but portage wouldn't accept that. |
| 23 |
emerging without the hardened flag, results in the same error. |
| 24 |
|
| 25 |
2/ |
| 26 |
after emerging selinux-base-policy, checkpolicy and policyresources, the |
| 27 |
HOWTO states that I should run "make load" |
| 28 |
in /etc/security/selinux/src/policy, but this directory does not exist |
| 29 |
(only /etc/security/ does). |
| 30 |
|
| 31 |
3/ |
| 32 |
then, later on, many ebuilds fail to emerge: pam, coreutils, |
| 33 |
device-mapper, etc... the same ebuilds, on the same architecture, emerge |
| 34 |
fine on other systems. |
| 35 |
|
| 36 |
4/ |
| 37 |
finally, I'm completely stuck when I want to label my filesystems, |
| 38 |
because of the empty (non-existing) /etc/security/selinux/src/policy |
| 39 |
directory. |
| 40 |
|
| 41 |
is there something I'm completely missing here? |
| 42 |
|
| 43 |
can someone here help me out? |
| 44 |
|
| 45 |
thanks! |
| 46 |
|
| 47 |
-- |
| 48 |
kind regards, |
| 49 |
Bart Van Loon |
| 50 |
|
| 51 |
I'm just very selective about the reality I choose to accept. --- Calvin |
| 52 |
|
| 53 |
-- |
| 54 |
gentoo-hardened@g.o mailing list |
Archives