| 1 |
Beside modifying profile symlink you shouldn't need "pic" and "pie" flags |
| 2 |
in your make.conf any more. You can use "hardened" instead. To my best |
| 3 |
knowledge: compiling gcc and glibc first to get the new toolchain running |
| 4 |
and going on with "emerge -ve" world thereafter seems to be the method of |
| 5 |
choice for you. In this way it is ensured that every component will |
| 6 |
experince the beneficial effect of hardening during world compilation. |
| 7 |
You can postpone bringing up your grsecurity RBAC system as you wish. |
| 8 |
|
| 9 |
Regards, |
| 10 |
Dw. |
| 11 |
|
| 12 |
Jason K Larson said: |
| 13 |
> What is the best procedure for taking a system |
| 14 |
> from: default-linux/x86/2005.0 |
| 15 |
> to: hardened/x86/2.6 |
| 16 |
> |
| 17 |
> So far I'm thinking just update the profile symlink and `emerge -ve |
| 18 |
> system`, but I've seen a few threads about needing to emerge gcc and/or |
| 19 |
> glibc a few times first, whats the purpose and correct order to do this |
| 20 |
> in to get a system to start building correctly for hardened. |
| 21 |
> |
| 22 |
> I'm not planning to do anything with selinux yet, but I want to be in a |
| 23 |
> hardened state to prepare for that direction, along with pax and |
| 24 |
> grsecurity options. |
| 25 |
> |
| 26 |
> Thanks in advance, |
| 27 |
> |
| 28 |
> -- |
| 29 |
> Jason K Larson |
| 30 |
> |
| 31 |
> -- |
| 32 |
> gentoo-hardened@g.o mailing list |
| 33 |
|
| 34 |
|
| 35 |
-- |
| 36 |
dr Tóth Attila, Radiológus Szakorvos jelölt, 06-30-5962-962 |
| 37 |
Attila Toth MD, Radiology Radiologist in Training, +36-30-5962-962 |
| 38 |
|
| 39 |
|
| 40 |
-- |
| 41 |
gentoo-hardened@g.o mailing list |
Archives