Gentoo Archives: gentoo-commits

From: "Anthony G. Basile (blueness)" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/proj/en/hardened: pax-migrate-xattr.xml
Date: Sun, 28 Jul 2013 01:20:54
Message-Id: 20130728012047.9E8A52171C@flycatcher.gentoo.org
1 blueness 13/07/28 01:20:47
2
3 Modified: pax-migrate-xattr.xml
4 Log:
5 Update pax migration guide, bug #478400
6
7 Revision Changes Path
8 1.3 xml/htdocs/proj/en/hardened/pax-migrate-xattr.xml
9
10 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/pax-migrate-xattr.xml?rev=1.3&view=markup
11 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/pax-migrate-xattr.xml?rev=1.3&content-type=text/plain
12 diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/pax-migrate-xattr.xml?r1=1.2&r2=1.3
13
14 Index: pax-migrate-xattr.xml
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/pax-migrate-xattr.xml,v
17 retrieving revision 1.2
18 retrieving revision 1.3
19 diff -u -r1.2 -r1.3
20 --- pax-migrate-xattr.xml 14 Jan 2013 12:20:38 -0000 1.2
21 +++ pax-migrate-xattr.xml 28 Jul 2013 01:20:47 -0000 1.3
22 @@ -1,5 +1,5 @@
23 <?xml version='1.0' encoding="UTF-8"?>
24 -<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/pax-migrate-xattr.xml,v 1.2 2013/01/14 12:20:38 blueness Exp $ -->
25 +<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/pax-migrate-xattr.xml,v 1.3 2013/07/28 01:20:47 blueness Exp $ -->
26 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
27
28 <guide lang="en">
29 @@ -117,17 +117,7 @@
30 <dd><b>a.</b> make sure you set USE=xattr in your global USE flags, and</dd>
31 <dd><b>b.</b> emerge >=sys-apps/elfix-0.8.1 without disabling either ptpax or xtpax USE flags.</dd>
32
33 - <dt><b>2. Portage preliminaries:</b></dt>
34 - <dd>The current in tree pax-utils.eclass is not XATTR_PAX aware, and so we need to
35 - use the pax-utils.eclass from the
36 - <uri link='http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=summary'>
37 - hardened-development overlay</uri>. Add the overlay using layman and make sure you
38 - set up your repos.conf file so that it overrides the tree eclass (man portage for more
39 - details on how to setup repos.conf). This step will be removed once we update the eclass
40 - in tree (<uri link='https://bugs.gentoo.org/show_bug.cgi?id=431092'>bug #431092</uri>).
41 - </dd>
42 -
43 - <dt><b>3. Kernel preliminaries:</b></dt>
44 + <dt><b>2. Kernel preliminaries:</b></dt>
45 <dd>As you do the migration, you must make sure your filesystem can accomodate extended
46 attributes, including tmpfs! If your kernel hasn't been already so configured, do so
47 now and reboot into it. Choosing PAX_XATTR_PAX_FLAGS under the PaX kernel menu
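Review bot: the removed "Portage preliminaries" step told readers to add the hardened-development overlay and set up repos.conf so that it overrides the tree eclass, and the new text gives no instruction for readers who followed revision 1.2 to undo that override. The removed paragraph itself said the step would be dropped once the eclass was updated in tree (bug #431092), so a one-sentence note under step 1 or the new step 2 saying the override is no longer needed would keep already-migrated systems from staying pinned to the overlay copy of pax-utils.eclass. While this block is being renumbered, "accomodate" in the kernel step could also be corrected to "accommodate".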
48 @@ -136,7 +126,7 @@
49 PT_PAX will be respected until you create XATTR_PAX fields on the target binaries.
50 We'll tolerate this as a transition, but we recommend using only XATTR_PAX afterward.</dd>
51
52 - <dt><b>4. Migrate the flags:</b></dt>
53 + <dt><b>3. Migrate the flags:</b></dt>
54 <dd>The elfix package comes with migrate-pax. Running it with the -m flag will
55 copy the PT_PAX flags to XATTR_PAX for every ELF object that portage knows about,
56 <b>except</b> for those object which have the <b>default</b> flags. Since a kernel
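Review bot: in the renumbered step 3, the migration is described as covering "every ELF object that portage knows about", but the guide does not say how binaries installed outside portage should be handled before PT_PAX is switched off in the following step. A sentence covering that case would close the gap, since those files would otherwise carry no XATTR_PAX field after the migration. In the same sentence, "those object which have" should read "those objects which have".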
57 @@ -145,13 +135,13 @@
58 desired. Running <c>migrate-pax -m</c> is very safe and you can easily undo it by
59 running <c>migrate-pax -d</c>.</dd>
60
61 - <dt><b>5. Boot into an XATTR_PAX only kernel:</b></dt>
62 + <dt><b>4. Boot into an XATTR_PAX only kernel:</b></dt>
63 <dd>You can now boot into a pure XATTR_PAX kernel. Make sure PT_PAX is off. Even
64 though the flags should be the same in both fields, or XATTR_PAX absent in the case
65 of default flags, we will be on the side of caution and keep control over the effective
66 flags by using only XATTR_PAX.</dd>
67
68 - <dt><b>6. Profit!</b></dt>
69 + <dt><b>5. Profit!</b></dt>
70 <dd>If you really want to make sure it worked, the elfix package comes with some test
71 suites. These are tricky to use correctly because if you have the wrong combination
72 of PT_PAX versus XATTR_PAX userland/kernel configurations, you'll get a lot of false
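Review bot: the renumbered step 4 says "Make sure PT_PAX is off" without naming the kernel option to disable, whereas step 2 names PAX_XATTR_PAX_FLAGS explicitly. Naming the corresponding option here, in the same form as step 2, would make the step something a reader can check against their kernel configuration rather than infer. The renumbering itself is consistent across steps 2 to 5.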