Gentoo Archives: gentoo-hardened

From: Jesse Jacobs <jesse@×××××××××××.net>
To: gentoo-hardened@g.o
Subject: Re: [gentoo-hardened] Grsecurity 2 in hardened-sources
Date: Wed, 11 Jun 2003 12:00:35
Message-Id: 1403.24.112.121.186.1055333530.squirrel@eazy.homeip.net
In Reply to: Re: [gentoo-hardened] Grsecurity 2 in hardened-sources by Ned Ludd

Good morning,

Please forgive my boldness (I'm Dutch). :)
Last night I was functioning on 2 hours of sleep.
The alias (a CnP from a previous e-mail in a "From Memory" context) is
totally open for suggestions, criticism, improvement.
In fact I was hoping to roll this around a little.

I was wondering when gradm-2* would be put in portage?
Would there be any sort of docs for this too? (Humble Plea) :)

Thanks Again Gentoo-Hardened!
j


DOH!
pressed reply!
j

-------- Original Message --------
Subject: Re: [gentoo-hardened] Grsecurity 2 in hardened-sources
From: "Jesse Jacobs" <jesse@×××××××××××.net>
Date: Tue, June 10, 2003 11:21 pm
To: <solar@g.o>

Hello,

First, THANKS!!!

Huge Appreciation here!

Why use SLOTS?

Would u be willing to try using a hard mask?

When the grsec2 transition takes place across all kernels...

we can use grsec2 by removing the hardmask.

Anyone that wants to use grsec2 must maintain package.mask
i.e.
# diff exits 1 when the files differ, so it must not gate the cp
alias realsync='emerge sync && {
  diff -u /root/package.mask /usr/portage/profiles/package.mask > /root/package.mask.diff
  cp /root/package.mask /usr/portage/profiles/package.mask &&
  source /etc/profile &&
  echo "Maintaining Your Package Limits."
}'

Then update the box with:
realsync; emerge -uUvp world;

j

Ned Ludd said:
> On Mon, 2003-06-09 at 16:12, Joshua Brindle wrote:
>> I'd rather you use SLOTs, this is what they are for..
>> otherwise in a few months you are going to have a
>> sys-apps/gradm2 and you won't be able to move it
>> (you can but it's overly complicated).
>>
>> you can just have gradm-1 in slot one that installs to
>> /usr/sbin/gradm and gradm-2 in slot two that installs to
>> /usr/sbin/gradm2 and they won't conflict, you could even
>> give them different policy directories so that they don't
>> collide.
>
>> You could then have both slots merged in next to each other
>> and it wouldn't be an issue..
>
> I don't see how this could/would prevent users that have ~arch keywords
> from installing gradm-2 when using -sources other than
> hardened-sources.
>
> Ok say we have ~arch in our keywords and we are using
> gentoo-sources-2.4.20-r5(grsecurity 1.9.x) and we do emerge world the
> next time we come back to this box it would end up having >=gradm-2
> installed and we would not be able to enable/disable the acl system.
>
>> the apache apache2 slot mess is really not SLOT'S fault, it's
>> something different altogether, we have plenty of apps that
>> have been happily slotted for a very long time (db, gtk, et al)
>
> SLOTS do not seem to properly address who is using what sources.
> Example ever had a box running apache1 and had ~x86 in your keywords
> and did 'emerge world' portage will override your previous install of
> apache1 and force you to use apache2 [doh!]. This is my concern with
> gradm-1 & gradm-2.
>
> If you or anybody on this list knows of a way to make this behave
> correctly with these settings then please by all means submit your
> ebuild for gradm-2.0_pre4 (or fix portage so it honors what's installed
> already when using ~arch flags)
>
> --
> Ned Ludd <solar@g.o>
> Gentoo Linux (Hardened)
>
>
> --
> gentoo-hardened@g.o mailing list

--
gentoo-hardened@g.o mailing list
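The realsync alias in the message above copies the local package.mask over the freshly synced one, which also throws away any masks added upstream since the last sync. The following is an added example, not part of the original thread or of Portage: it appends local entries that upstream lacks instead of overwriting. The function names merge_local_mask and demo_merge are hypothetical, and the package atoms in the demo are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original thread). Paths are arguments so the
# function can be exercised on scratch files instead of /usr/portage.

# merge_local_mask LOCAL UPSTREAM [DIFF_OUT]
# Re-apply local hard masks after a sync without discarding upstream masks.
# Returns 0 on success, 2 if a file is unusable or diff itself failed.
merge_local_mask() {
    local_mask=$1 upstream=$2 diff_out=${3:-/dev/null}
    [ -r "$local_mask" ] && [ -w "$upstream" ] || return 2

    # Record drift for review. diff exits 1 when the files differ, which is
    # the normal case after a sync; only a status above 1 is a real error.
    diff -u "$upstream" "$local_mask" > "$diff_out" || [ $? -eq 1 ] || return 2

    # Append each local atom that upstream lacks; skip comments and blanks.
    while IFS= read -r atom || [ -n "$atom" ]; do
        case $atom in ''|'#'*) continue ;; esac
        grep -qxF -e "$atom" "$upstream" || printf '%s\n' "$atom" >> "$upstream"
    done < "$local_mask"
    return 0
}

# Constructed demo: upstream masks one package, the local file adds a
# gradm-2 mask (the exact atom spelling is an assumption). The merge runs
# twice to show that a second run adds nothing.
demo_merge() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '# upstream' '=app-misc/example-1.0' > "$dir/upstream.mask"
    printf '%s\n' '# local' '>=sys-apps/gradm-2' > "$dir/local.mask"
    merge_local_mask "$dir/local.mask" "$dir/upstream.mask" "$dir/mask.diff" &&
    merge_local_mask "$dir/local.mask" "$dir/upstream.mask" "$dir/mask.diff"
    status=$?
    cat "$dir/upstream.mask"
    rm -rf "$dir"
    return $status
}
```

On a real system the two arguments would be /root/package.mask and /usr/portage/profiles/package.mask, the paths used in the alias.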

Replies

Subject Author
Re: [gentoo-hardened] Grsecurity 2 in hardened-sources Ned Ludd <solar@g.o>