| 1 |
Hello again, |
| 2 |
|
| 3 |
I jumped the gun and attempted to reload the toolchain after changing the |
| 4 |
gcc profile to gcc-3.4.4-r1-hardened. I got through |
| 5 |
binutils and gcc, then glibc fails, saying it explicity requires SELInux. |
| 6 |
|
| 7 |
Strange thing happened to my gcc profiles too. Running gcc-config shows 5 |
| 8 |
choices, only gcc-3.4.4-hardened is gone, replaced by gcc-3.4.4-vanilla at |
| 9 |
the end. This sort of makes sense. |
| 10 |
|
| 11 |
Currently I am again compiling gcc, hoping that it will do something that |
| 12 |
will make glibc compile OK. I selected gcc-3.4.4-hardened-nopie to see if |
| 13 |
that helps. |
| 14 |
|
| 15 |
Does |
| 16 |
|
| 17 |
gcc-3.4.4-hardened-nopiessp mean that neither pie or ssp will be |
| 18 |
installed, or only ssp? I searched around for an explanation of these |
| 19 |
profiles but found none. Might be a good idea for the docs. |
| 20 |
|
| 21 |
Alby |
| 22 |
|
| 23 |
On Sat, 24 Sep 2005, Albert Lash wrote: |
| 24 |
|
| 25 |
> Hello, |
| 26 |
> |
| 27 |
> I am running gentoo-hardened kernel 2.6.11-r15 on an amd64 system. I have |
| 28 |
> followed the convert howto and found it very straightforward and clear. |
| 29 |
> |
| 30 |
> However, I noticed my list of deps was rather large during a recent emerge |
| 31 |
> pretend and so I checked my setup and found SELinux to be not enabled - |
| 32 |
> |
| 33 |
> !!!SELinux not enabled:... |
| 34 |
> |
| 35 |
> So I checked my profile, and it was not the hardened profile! I updated |
| 36 |
> the profile, and reloaded the profile, and so now when I run sestatus it |
| 37 |
> gives me the desired response: |
| 38 |
> |
| 39 |
> sestatus |
| 40 |
> SELinux status: enabled |
| 41 |
> SELinuxfs mount: /selinux |
| 42 |
> Current mode: permissive |
| 43 |
> Policy version: 18 |
| 44 |
> |
| 45 |
> Policy booleans: |
| 46 |
> secure_mode inactive |
| 47 |
> ssh_sysadm_login inactive |
| 48 |
> user_ping inactive |
| 49 |
> |
| 50 |
> However, when I run gcc-config -l, I am running the vanilla gcc-3.4.4. I |
| 51 |
> searched for information on whether I need to be using the hardened and |
| 52 |
> can't find much. Do I need to enabled the hardened compiler, and |
| 53 |
> re-compile everything under the new selinux profile and policy? |
| 54 |
> |
| 55 |
> Thank you, |
| 56 |
> |
| 57 |
> Alby Lash |
| 58 |
> |
| 59 |
> -- |
| 60 |
> gentoo-hardened@g.o mailing list |
| 61 |
> |
| 62 |
-- |
| 63 |
gentoo-hardened@g.o mailing list |
Archives