Re: [gentoo-hardened] Help required in creating a new profile - gentoo-hardened

From:	John Eckhart <jweckhart@×××××.com>
To:	gentoo-hardened@l.g.o
Subject:	Re: [gentoo-hardened] Help required in creating a new profile
Date:	Tue, 27 Nov 2007 21:22:30
Message-Id:	`e532144c0711271312j46fb3ba9m7effe4d0e8257e29@mail.gmail.com`
In Reply to:	[gentoo-hardened] Help required in creating a new profile by "आशीष Ashish"

1

Ashish,

2

3

    The preferred way to go about using hardened would be to link an

4

existing hardened profile: (i.e.

5

/usr/portage/profiles/selinux/2007.0/amd64/hardened)

6

to /etc/make.conf:

7

8

ln -sf /usr/portage/selinux/2007.0/amd64/hardened /etc/make.conf

9

10

If you have additional profile overrides (i.e. changes to the use masking),

11

you can put them in /etc/portage/profile (see the portage(5) manpage for

12

more information)

13

14

On Nov 27, 2007 3:18 PM, आशीष Ashish <wahjava.ml@×××××.com> wrote:

15

16

> Hi,

17

>

18

> I wanted to install *Hardened* Gentoo Linux 2007.0 on my AMD64

19

> architecture

20

> box with *SELinux* support and no *multilib* support. I'm in the initial

21

> stage of installation. I've just extracted the stage3 'hardened' tarball

22

> and

23

> portage snapshot.

24

>

25

> The 'hardened' stage3 tarball ships with a default hardened profile, to

26

> which

27

> I wanted to add *selinux* support. I've created a profile, which is not

28

> working as expected. Following is the my profile, which I saved

29

> in "/usr/local/portage/profiles/selinux-hardened-amd64" .

30

>

31

> - ----8<----8<----

32

> chatteau selinux-hardened-amd64 # file *

33

> make.defaults: symbolic link to

34

> `../../../../portage/profiles/selinux/2007.0/amd64/hardened/make.defaults'

35

> package.mask:  symbolic link to

36

> `../../../../portage/profiles/selinux/2007.0/amd64/hardened/package.mask'

37

> parent:        ASCII text

38

> use.mask:      symbolic link to

39

> `../../../../portage/profiles/selinux/2007.0/amd64/hardened/use.mask'

40

> chatteau selinux-hardened-amd64 # cat parent

41

> ../../../../portage/profiles/selinux/2007.0/amd64

42

> ../../../../portage/profiles/hardened/amd64

43

> selinux-hardened-amd64 # file /etc/make.profile

44

> /etc/make.profile: symbolic link to

45

> `/usr/local/portage/profiles/selinux-hardened-amd64'

46

> - ---->8---->8----

47

>

48

> Following is my "make.conf" :

49

>

50

> - ----8<----8<----

51

> CFLAGS="-O2 -pipe -ggdb -fforce-addr -mtune=nocona -march=nocona

52

> - -fstack-protector-all"

53

> CXXFLAGS="${CFLAGS}"

54

> CHOST="x86_64-pc-linux-gnu"

55

> FEATURES="ccache collision-protect buildpkg parallel-fetch splitdebug

56

> userfetch"

57

> - ---->8---->8----

58

>

59

> Following is the output of 'euse -a', on the basis of which I'm concluding

60

> its not working:

61

>

62

> - ----8<----8<----

63

> chatteau selinux-hardened-amd64 # euse -a

64

> berkdb              [+  D ]

65

> cli                 [+  D ]

66

> cracklib            [+    ]

67

> crypt               [+  D ]

68

> cups                [+  D ]

69

> dri                 [+  D ]

70

> fbdev               [+    ]

71

> fortran             [+  D ]

72

> gdbm                [+  D ]

73

> gpm                 [+  D ]

74

> hardened            [+  D ]

75

> iconv               [+  D ]

76

> ipv6                [+  D ]

77

> isdnlog             [+  D ]

78

> justify             [+    ]

79

> ladspa              [+    ]

80

> midi                [+    ]

81

> mudflap             [+  D ]

82

> ncurses             [+  D ]

83

> nls                 [+  D ]

84

> nptl                [+  D ]

85

> nptlonly            [+  D ]

86

> openmp              [+  D ]

87

> pam                 [+  D ]

88

> pcre                [+  D ]

89

> perl                [+  D ]

90

> pic                 [+  D ]

91

> pppd                [+  D ]

92

> python              [+  D ]

93

> readline            [+  D ]

94

> reflection          [+  D ]

95

> session             [+  D ]

96

> spl                 [+  D ]

97

> sse                 [+  D ]

98

> sse2                [+  D ]

99

> ssl                 [+  D ]

100

> tcpd                [+  D ]

101

> text                [+    ]

102

> tga                 [+    ]

103

> unicode             [+  D ]

104

> urandom             [+    ]

105

> v4l                 [+    ]

106

> vga                 [+    ]

107

> xorg                [+  D ]

108

> zlib                [+  D ]

109

> - ---->8---->8----

110

>

111

> I'm not expert in gentoo, so if I'm wrong somewhere please correct me.

112

>

113

> [I've also posted this message alt.os.linux.gentoo.]

114

>

115

> TIA

116

> --

117

> Ashish Shukla आशीष शुक्ल

118

> http://wahjava.wordpress.com/

119

> ·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --

120

>

Gentoo Archives: gentoo-hardened

Replies

1	Ashish,
2
3	The preferred way to go about using hardened would be to link an
4	existing hardened profile: (i.e.
5	/usr/portage/profiles/selinux/2007.0/amd64/hardened)
6	to /etc/make.conf:
7
8	ln -sf /usr/portage/selinux/2007.0/amd64/hardened /etc/make.conf
9
10	If you have additional profile overrides (i.e. changes to the use masking),
11	you can put them in /etc/portage/profile (see the portage(5) manpage for
12	more information)
13
14	On Nov 27, 2007 3:18 PM, आशीष Ashish <wahjava.ml@×××××.com> wrote:
15
16	> Hi,
17	>
18	> I wanted to install Hardened Gentoo Linux 2007.0 on my AMD64
19	> architecture
20	> box with SELinux support and no multilib support. I'm in the initial
21	> stage of installation. I've just extracted the stage3 'hardened' tarball
22	> and
23	> portage snapshot.
24	>
25	> The 'hardened' stage3 tarball ships with a default hardened profile, to
26	> which
27	> I wanted to add selinux support. I've created a profile, which is not
28	> working as expected. Following is the my profile, which I saved
29	> in "/usr/local/portage/profiles/selinux-hardened-amd64" .
30	>
31	> - ----8<----8<----
32	> chatteau selinux-hardened-amd64 # file *
33	> make.defaults: symbolic link to
34	> `../../../../portage/profiles/selinux/2007.0/amd64/hardened/make.defaults'
35	> package.mask: symbolic link to
36	> `../../../../portage/profiles/selinux/2007.0/amd64/hardened/package.mask'
37	> parent: ASCII text
38	> use.mask: symbolic link to
39	> `../../../../portage/profiles/selinux/2007.0/amd64/hardened/use.mask'
40	> chatteau selinux-hardened-amd64 # cat parent
41	> ../../../../portage/profiles/selinux/2007.0/amd64
42	> ../../../../portage/profiles/hardened/amd64
43	> selinux-hardened-amd64 # file /etc/make.profile
44	> /etc/make.profile: symbolic link to
45	> `/usr/local/portage/profiles/selinux-hardened-amd64'
46	> - ---->8---->8----
47	>
48	> Following is my "make.conf" :
49	>
50	> - ----8<----8<----
51	> CFLAGS="-O2 -pipe -ggdb -fforce-addr -mtune=nocona -march=nocona
52	> - -fstack-protector-all"
53	> CXXFLAGS="${CFLAGS}"
54	> CHOST="x86_64-pc-linux-gnu"
55	> FEATURES="ccache collision-protect buildpkg parallel-fetch splitdebug
56	> userfetch"
57	> - ---->8---->8----
58	>
59	> Following is the output of 'euse -a', on the basis of which I'm concluding
60	> its not working:
61	>
62	> - ----8<----8<----
63	> chatteau selinux-hardened-amd64 # euse -a
64	> berkdb [+ D ]
65	> cli [+ D ]
66	> cracklib [+ ]
67	> crypt [+ D ]
68	> cups [+ D ]
69	> dri [+ D ]
70	> fbdev [+ ]
71	> fortran [+ D ]
72	> gdbm [+ D ]
73	> gpm [+ D ]
74	> hardened [+ D ]
75	> iconv [+ D ]
76	> ipv6 [+ D ]
77	> isdnlog [+ D ]
78	> justify [+ ]
79	> ladspa [+ ]
80	> midi [+ ]
81	> mudflap [+ D ]
82	> ncurses [+ D ]
83	> nls [+ D ]
84	> nptl [+ D ]
85	> nptlonly [+ D ]
86	> openmp [+ D ]
87	> pam [+ D ]
88	> pcre [+ D ]
89	> perl [+ D ]
90	> pic [+ D ]
91	> pppd [+ D ]
92	> python [+ D ]
93	> readline [+ D ]
94	> reflection [+ D ]
95	> session [+ D ]
96	> spl [+ D ]
97	> sse [+ D ]
98	> sse2 [+ D ]
99	> ssl [+ D ]
100	> tcpd [+ D ]
101	> text [+ ]
102	> tga [+ ]
103	> unicode [+ D ]
104	> urandom [+ ]
105	> v4l [+ ]
106	> vga [+ ]
107	> xorg [+ D ]
108	> zlib [+ D ]
109	> - ---->8---->8----
110	>
111	> I'm not expert in gentoo, so if I'm wrong somewhere please correct me.
112	>
113	> [I've also posted this message alt.os.linux.gentoo.]
114	>
115	> TIA
116	> --
117	> Ashish Shukla आशीष शुक्ल
118	> http://wahjava.wordpress.com/
119	> ·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
120	>

Subject	Author
Re: [gentoo-hardened] Help required in creating a new profile	Alex Brandt <alunduil@××××××××.com>
Re: [gentoo-hardened] Help required in creating a new profile	brant williams <brant@×××××.net>
Re: [gentoo-hardened] Help required in creating a new profile	"आशीष Ashish" <wahjava.ml@×××××.com>