On Thu, 2004-04-29 at 18:24, Ed Wildgoose wrote:
> >after untarring the stage1 tarball
> >(stage1-pentium4-pie-ssp-2004.0.tar.bz2), there is no
> >directory /mnt/gentoo/selinux to use as a mountpoint for an selinuxfs (as
> >
> >
>
> I guess that is because you used the hardened stage 1, not the selinux
> stage 1! I think hardened doesn't need selinux? As in they are not
> equivalent (part of the same team though)
>
> >I used these settings (below) for my make.conf before running
> >bootstrap.sh. Should I redo this step using the settings described in
> >this thread?
> >
> >
>
> If you see the recent threads, Chris PeBenito has kindly written some
> good advice to me about similar questions. I think the gist is that
> previously there was a hardened-gcc ebuild which did all this stuff. In
> the future you will use >= gcc 3.3.3-r3 and USE="hardened" to get the
> same effect. But right now you need some combination of gcc and those
> flags, and perhaps some voodoo to make it all work. I got the
> impression that the use flag stuff was on its way though

Correct, >=gcc-3.3.3-r2 includes support.
It's however not quite perfect yet and thus not ready for full
production. We have a few pending things left to do and then we can make
new profiles, roll stages, etc. Early adopters are welcome to mess around,
just be warned that it's not our final implementation.

Documentation... Sigh, yeah, I suppose you all want this, I can't blame you
either. For now let me point you at the PaX docs at
http://pax.grsecurity.net/docs/ (READ ALL OF THIS!) then when you get
done there go read http://www.trl.ibm.com/projects/security/ssp/
We really want everybody to understand the concepts of why we opt to
build this way.

I'll try and see if we can muster up a quick start or two in this
respect when it's time for us to roll those stages.

-peace

>
> Good luck. I'm interested to hear any better answers myself!
>
> Thanks
>
> Ed W
>
> --
> gentoo-hardened@g.o mailing list
--
Ned Ludd <solar@g.o>
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer