Hello again,

I jumped the gun and attempted to reload the toolchain after changing the
gcc profile to gcc-3.4.4-r1-hardened. I got through
binutils and gcc, then glibc fails, saying it explicitly requires SELinux.

Strange thing happened to my gcc profiles too. Running gcc-config shows 5
choices, only gcc-3.4.4-hardened is gone, replaced by gcc-3.4.4-vanilla at
the end. This sort of makes sense.

Currently I am again compiling gcc, hoping that it will do something that
will make glibc compile OK. I selected gcc-3.4.4-hardened-nopie to see if
that helps.

Does gcc-3.4.4-hardened-nopiessp mean that neither pie nor ssp will be
installed, or only ssp? I searched around for an explanation of these
profiles but found none. Might be a good idea for the docs.

Alby

On Sat, 24 Sep 2005, Albert Lash wrote:
> Hello,
>
> I am running gentoo-hardened kernel 2.6.11-r15 on an amd64 system. I have
> followed the convert howto and found it very straightforward and clear.
>
> However, I noticed my list of deps was rather large during a recent emerge
> pretend and so I checked my setup and found SELinux to be not enabled -
>
> !!!SELinux not enabled:...
>
> So I checked my profile, and it was not the hardened profile! I updated
> the profile, and reloaded the profile, and so now when I run sestatus it
> gives me the desired response:
>
> sestatus
> SELinux status: enabled
> SELinuxfs mount: /selinux
> Current mode: permissive
> Policy version: 18
>
> Policy booleans:
> secure_mode inactive
> ssh_sysadm_login inactive
> user_ping inactive
>
> However, when I run gcc-config -l, I am running the vanilla gcc-3.4.4. I
> searched for information on whether I need to be using the hardened and
> can't find much. Do I need to enable the hardened compiler, and
> re-compile everything under the new selinux profile and policy?
>
> Thank you,
>
> Alby Lash
>
> --
> gentoo-hardened@g.o mailing list
>
--
gentoo-hardened@g.o mailing list