On Tue, 2007-02-27 at 16:54 -0800, Michael Carns wrote:
> I've been running a server in an amd64 hardened+selinux+multilib
> configuration for quite a while now. Initially I used a selinux profile
> and just added USE="hardened pic pie ssp", etc to my make.conf.
> However, when the issues related to gcc-4 appeared I decided I really
> needed to switch to a true hardened profile since I didn't want to
> emerge glibc-2.4 and gcc-4 by accident.
>
> I went looking for an appropriate amd64 profile, but I didn't find one.
> I went ahead and created one by merging the selinux amd64 profile with
> the hardened/multilib profile into my overlay in /usr/local/portage.
> While this setup succeeds in masking off the undesired versions of gcc
> and glibc, it forces me to manually keep the profile in sync with the
> main portage tree.
>
> Is there some reason that this profile combination doesn't exist in
> /usr/portage? Am I using an unsupported configuration and have just
> been lucky for well over a year? Is this arch combination missing a
> maintainer?

The 2006.1 SELinux support requires glibc 2.4, and since the hardened
compiler is not ready, there is no SELinux+hardened gcc at this time.

--
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243