| 1 |
I've been running a server in an amd64 hardened+selinux+multilib |
| 2 |
configuration for quite a while now. Initially I used a selinux profile |
| 3 |
and just added USE="hardened pic pie ssp", etc to my make.conf. |
| 4 |
However, when the issues related to gcc-4 appeared I decided I really |
| 5 |
needed to switch to a true hardened profile since I didn't want to |
| 6 |
emerge glibc-2.4 and gcc-4 by accident. |
| 7 |
|
| 8 |
I went looking for an appropriate amd64 profile, but I didn't find one. |
| 9 |
I went ahead and created one by merging the selinux amd64 profile with |
| 10 |
the hardened/multilib profile into my overlay in /usr/local/portage. |
| 11 |
While this setup succeeds in masking off the undesired versions of gcc |
| 12 |
and glibc, it forces me to manually keep the profile in sync with the |
| 13 |
main portage tree. |
| 14 |
|
| 15 |
Is there some reason that this profile combination doesn't exist in |
| 16 |
/usr/portage? Am I using an unsupported configuration and have just |
| 17 |
been lucky for well over a year? Is this arch combination missing a |
| 18 |
maintainer? |
| 19 |
|
| 20 |
Thanks, |
| 21 |
Mike Carns |
| 22 |
-- |
| 23 |
gentoo-hardened@g.o mailing list |
Archives