| 1 |
On Tue, 2007-02-27 at 16:54 -0800, Michael Carns wrote: |
| 2 |
> I've been running a server in an amd64 hardened+selinux+multilib |
| 3 |
> configuration for quite a while now. Initially I used a selinux profile |
| 4 |
> and just added USE="hardened pic pie ssp", etc to my make.conf. |
| 5 |
> However, when the issues related to gcc-4 appeared I decided I really |
| 6 |
> needed to switch to a true hardened profile since I didn't want to |
| 7 |
> emerge glibc-2.4 and gcc-4 by accident. |
| 8 |
> |
| 9 |
> I went looking for an appropriate amd64 profile, but I didn't find one. |
| 10 |
> I went ahead and created one by merging the selinux amd64 profile with |
| 11 |
> the hardened/multilib profile into my overlay in /usr/local/portage. |
| 12 |
> While this setup succeeds in masking off the undesired versions of gcc |
| 13 |
> and glibc, it forces me to manually keep the profile in sync with the |
| 14 |
> main portage tree. |
| 15 |
> |
| 16 |
> Is there some reason that this profile combination doesn't exist in |
| 17 |
> /usr/portage? Am I using an unsupported configuration and have just |
| 18 |
> been lucky for well over a year? Is this arch combination missing a |
| 19 |
> maintainer? |
| 20 |
|
| 21 |
The 2006.1 SELinux support requires glibc 2.4, and since the hardened |
| 22 |
compiler is not ready, there is no SELinux+hardened gcc at this time. |
| 23 |
|
| 24 |
-- |
| 25 |
Chris PeBenito |
| 26 |
<pebenito@g.o> |
| 27 |
Developer, |
| 28 |
Hardened Gentoo Linux |
| 29 |
|
| 30 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 |
| 31 |
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243 |
Archives