| 1 |
Ernesto Rodriguez Ortiz wrote: |
| 2 |
> Hello here, I have some problems compiled glibc, I am trying to install a server with PaX and SELinux, I have an decompressing stage3 hardened and portage, change the profile for selinux/2007.0/x86/hardened and set the make.conf as a show down .Any idea how I can fix the problem with glibc? |
| 3 |
|
| 4 |
When you switch from a non-hardened to a hardened profile, you need to |
| 5 |
rebuild the entire toolchain in the correct order, then preferrably |
| 6 |
rebuild everything else. This should also pick up any changes needed to |
| 7 |
support SELinux in your userland, plus pull in the userland tools and |
| 8 |
policy files. |
| 9 |
|
| 10 |
From the PaX Quickstart, the steps should be: |
| 11 |
|
| 12 |
eselect profile set <hardened #> |
| 13 |
emerge -1 binutils gcc glibc |
| 14 |
emerge -e world |
| 15 |
|
| 16 |
I can tell you from experience that jumping directly from a vanilla |
| 17 |
profile to an SELinux + hardened profile can be tricky, and I've ended |
| 18 |
up starting over a few times. I would strongly suggest that you do them |
| 19 |
separately: |
| 20 |
|
| 21 |
vanilla -> hardened -> selinux/hardened |
| 22 |
|
| 23 |
This means you might end up recompiling a few packages multiple times, |
| 24 |
but it's more likely to succeed. Follow the steps in the two |
| 25 |
installation guides: |
| 26 |
|
| 27 |
http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml |
| 28 |
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2 |
| 29 |
|
| 30 |
If you want to try to get the whole thing in one step, in theory you |
| 31 |
should be able to do so by setting FEATURES="-selinux" in your |
| 32 |
make.conf, emerge everything, then remove that line and relabel |
| 33 |
everything, as described in the SELinux handbook. |
Archives