| 1 |
On Thu, 2005-11-24 at 16:14 +0100, Mivz wrote: |
| 2 |
> When I use the hardened portage profile (/usr/portage/profiles/hardened/x86) |
| 3 |
> I can not merge a 2.6 kernel. It reports it is masked by profile. |
| 4 |
> Then a again. When I want to use SELinux it is advised to use a 2.6 kernel. |
| 5 |
> This is no problem whit the SELinux profile. |
| 6 |
> But when the SELinux distro is hardened, why can't I use a 2.6 kernel |
| 7 |
> whit the default hardened profile? |
| 8 |
> Is 2.6 not secure enoughe? Is 2.6 onley secure enoughe whit SELinux enabled? |
| 9 |
> |
| 10 |
> What does the hardened/SELinux profile actually do, except for the |
| 11 |
> CFLAGS, LDFLAGS and the package masks? Could I just use a normal profile |
| 12 |
> and add the correct flags to my make.conf? |
| 13 |
> Or are the use flags (hardened, pic and pie) enough to build a Hardened |
| 14 |
> Gentoo system and will the ebuilds addapt the FLAGS to those? |
| 15 |
|
| 16 |
If you want selinux + hardened features, then use the selinux profile |
| 17 |
and add +hardened +pic to your USE= flags; then |
| 18 |
|
| 19 |
emerge gcc |
| 20 |
emerge -e world |
| 21 |
|
| 22 |
If you want to use 2.6 and not selinux then you need to link to the |
| 23 |
correct sub profile. |
| 24 |
|
| 25 |
$PORTDIR/profiles/hardened/x86/2.6/ |
| 26 |
|
| 27 |
|
| 28 |
-- |
| 29 |
Ned Ludd <solar@g.o> |
| 30 |
Gentoo Linux |
| 31 |
|
| 32 |
-- |
| 33 |
gentoo-hardened@g.o mailing list |
Archives