Hi all,

I just got my hands on a server on which I installed gentoo. I have
quite some experience with Linux and gentoo, but it is the first time
that I engaged in a gentoo-hardened installation.

I have linux-headers-2.6.17-r1 installed and am running a
2.6.17-hardened-r1 kernel in the selinux/x86/2006.1 profile.

I am following the instructions on
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2&chap=1
but encounter a few problems:

1/
emerging glibc always fails with

!!! nptl glibc did not pass make check

my USE flags for glibc are "glibc-omitfp nptl nptlonly selinux -build
-glibc-compat20 hardened -multilib -nls -profile"

I tried compiling with nptlonly, but portage wouldn't accept that.
emerging without the hardened flag results in the same error.

2/
after emerging selinux-base-policy, checkpolicy and policyresources, the
HOWTO states that I should run "make load"
in /etc/security/selinux/src/policy, but this directory does not exist
(only /etc/security/ does).

3/
then, later on, many ebuilds fail to emerge: pam, coreutils,
device-mapper, etc... the same ebuilds, on the same architecture, emerge
fine on other systems.

4/
finally, I'm completely stuck when I want to label my filesystems,
because of the empty (non-existing) /etc/security/selinux/src/policy
directory.

is there something I'm completely missing here?

can someone here help me out?

thanks!

--
kind regards,
Bart Van Loon

I'm just very selective about the reality I choose to accept. --- Calvin

--
gentoo-hardened@g.o mailing list