Good morning,

Please forgive my boldness (I'm Dutch). :)
Last night I was functioning on 2 hours of sleep.
The alias (a CnP from a previous e-mail in a "From Memory" context) is
totally open for suggestions, criticism, improvement.
In fact I was hoping to roll this around a little.

I was wondering when gradm-2* would be put in portage?
Would there be any sort of docs for this too? (Humble Plea) :)

Thanks Again Gentoo-Hardened!
j


DOH!
pressed reply!
j

-------- Original Message --------
Subject: Re: [gentoo-hardened] Grsecurity 2 in hardened-sources
From: "Jesse Jacobs" <jesse@×××××××××××.net>
Date: Tue, June 10, 2003 11:21 pm
To: <solar@g.o>

Hello,

First, THANKS!!!

Huge Appreciation here!

Why use SLOTS?

Would u be willing to try using a hard mask?

When the grsec2 transition takes place across all kernels...

we can use grsec2 by removing the hardmask.

Anyone that wants to use grsec2 must maintain package.mask
i.e.
# diff exits 1 when the two files differ, so it must not gate the cp via &&.
alias realsync='emerge sync && {
  diff -u /root/package.mask /usr/portage/profiles/package.mask > /root/package.mask.diff
  cp /root/package.mask /usr/portage/profiles/package.mask &&
  source /etc/profile &&
  echo "Maintaining Your Package Limits."
}'

Then update the box with:
realsync; emerge -uUvp world;

j

Ned Ludd said:
> On Mon, 2003-06-09 at 16:12, Joshua Brindle wrote:
>> I'd rather you use SLOT's, this is what they are for..
>> otherwise in a few months you are going to have a
>> sys-apps/gradm2 and you won't be able to move it
>> (you can but it's overly complicated).
>>
>> you can just have gradm-1 in slot one that installs to
>> /usr/sbin/gradm and gradm-2 in slot two that installs to
>> /usr/sbin/gradm2 and they won't conflict, you could even
>> give them different policy directories so that they don't
>> collide.
>
>> You could then have both slots merged in next to each other
>> and it wouldn't be an issue..
>
> I don't see how this could/would prevent users that have ~arch keywords
> from installing gradm-2 when using -sources other than
> hardened-sources.
>
> Ok say we have ~arch in our keywords and we are using
> gentoo-sources-2.4.20-r5(grsecurity 1.9.x) and we do emerge world the
> next time we come back to this box it would end up having >=gradm-2
> installed and we would not be able to enable/disable the acl system.
>
>> the apache apache2 slot mess is really not SLOT'S fault, it's
>> something different altogether, we have plenty of apps that
>> have been happily slotted for a very long time (db, gtk, et al)
>
> SLOTS do not seem to properly address who is using what sources.
> Example ever had a box running apache1 and had ~x86 in your keywords
> and did 'emerge world' portage will override your previous install of
> apache1 and force you to use apache2 [doh!]. This is my concern with
> gradm-1 & gradm-2.
>
> If you or anybody on this list knows of a way to make this behave
> correctly with these settings then please by all means submit your
> ebuild for gradm-2.0_pre4 (or fix portage so it honors what's installed
> already when using ~arch flags)
>
> --
> Ned Ludd <solar@g.o>
> Gentoo Linux (Hardened)
>
>
> --
> gentoo-hardened@g.o mailing list

--
gentoo-hardened@g.o mailing list
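
The sync-then-restore step from the alias above, as an added example that is not part of the original thread: a POSIX shell function that records the diff, treats diff's exit status 1 (files differ) as normal, and refuses to overwrite the tree mask with an empty or missing local file. The function name, its return codes and the parameterized paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): re-apply a locally maintained
# package.mask after a sync. Paths are arguments so the function can be
# tried on scratch files; on the box described in the mail they would be
# /root/package.mask, /usr/portage/profiles/package.mask and
# /root/package.mask.diff.

# apply_local_mask LOCAL TREE DIFFOUT   (hypothetical helper name)
# Returns 0 if the tree copy already matched the local one,
#         1 if the tree copy was replaced (diff saved to DIFFOUT),
#         2 on error (missing/empty input, diff or copy failure).
apply_local_mask() {
    local_mask=$1 tree_mask=$2 diff_out=$3

    # Never replace the tree mask with nothing: an empty mask unmasks everything.
    [ -s "$local_mask" ] || { echo "no usable local mask: $local_mask" >&2; return 2; }
    [ -f "$tree_mask" ]  || { echo "no tree mask: $tree_mask" >&2; return 2; }

    # diff exit status: 0 = identical, 1 = files differ, >1 = trouble.
    rc=0
    diff -u "$local_mask" "$tree_mask" > "$diff_out" || rc=$?
    case $rc in
        0) return 0 ;;
        1) ;;                       # expected after a sync; keep going
        *) echo "diff failed (status $rc)" >&2; return 2 ;;
    esac

    # Copy beside the target and rename, so a failed copy cannot leave a
    # half-written package.mask behind.
    tmp="$tree_mask.new.$$"
    if cp "$local_mask" "$tmp" && mv "$tmp" "$tree_mask"; then
        return 1
    fi
    rm -f "$tmp"
    return 2
}
```

Read the saved diff before the next `emerge -uUvp world`: copying the local file back also discards any masks the sync added upstream.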