| 1 |
Clemente Aguiar wrote: |
| 2 |
> Ter, 2009-02-10 às 10:40 -0800, Ned Ludd escreveu: |
| 3 |
>> On Tue, 2009-02-10 at 19:17 +0100, Thomas Sachau wrote: |
| 4 |
>>> Cyprien Nicolas schrieb: |
| 5 |
>>>> 2009/2/10 Matthew Summers <msummers42@×××××.com>: |
| 6 |
>>>>> On Tue, Feb 10, 2009 at 4:04 AM, Tom Hendrikx <tom@×××××××××.net> wrote: |
| 7 |
>>>>>> Clemente Aguiar schreef: |
| 8 |
>>>>>>> I understand that the profiles where updated recently (last year?).. |
| 9 |
>>>>>>> |
| 10 |
>>>>>>> Available profile symlink targets: |
| 11 |
>>>>>>> [1] hardened/amd64 * |
| 12 |
>>>>>>> [2] hardened/amd64/multilib |
| 13 |
>>>>>>> [3] selinux/2007.0/amd64 |
| 14 |
>>>>>>> [4] selinux/2007.0/amd64/hardened |
| 15 |
>>>>>>> [5] default/linux/amd64/2008.0 |
| 16 |
>>>>>>> [6] default/linux/amd64/2008.0/desktop |
| 17 |
>>>>>>> [7] default/linux/amd64/2008.0/developer |
| 18 |
>>>>>>> [8] default/linux/amd64/2008.0/no-multilib |
| 19 |
>>>>>>> [9] default/linux/amd64/2008.0/server |
| 20 |
>>>>>>> [10] hardened/linux/amd64 |
| 21 |
>>>>>>> |
| 22 |
>>>>>>> Available profile symlink targets: |
| 23 |
>>>>>>> [1] hardened/x86/2.6 * |
| 24 |
>>>>>>> [2] selinux/2007.0/x86 |
| 25 |
>>>>>>> [3] selinux/2007.0/x86/hardened |
| 26 |
>>>>>>> [4] default/linux/x86/2008.0 |
| 27 |
>>>>>>> [5] default/linux/x86/2008.0/desktop |
| 28 |
>>>>>>> [6] default/linux/x86/2008.0/developer |
| 29 |
>>>>>>> [7] default/linux/x86/2008.0/server |
| 30 |
>>>>>>> [8] hardened/linux/x86 |
| 31 |
>>>>>>> |
| 32 |
>>>>>>> |
| 33 |
>>>>>>> I would like to know what hardened profile I should use when I build new |
| 34 |
>>>>>>> machines? (AMD64 as well as x86) |
| 35 |
>>>>>>> |
| 36 |
>>>>>>> Thanks. |
| 37 |
>>>>>>> |
| 38 |
>>>>>>> |
| 39 |
>>>>>>> |
| 40 |
>>>>>> A few days ago I switched an x86 machine from "default/linux/x86/2008.0" |
| 41 |
>>>>>> to "hardened/linux/x86/2008.0/server" after some arbitrary rummaging in |
| 42 |
>>>>>> the profiles directory. This gave me no problems other than the expected |
| 43 |
>>>>>> gcc-4 -> gcc-3 downgrade. |
| 44 |
>>>>>> |
| 45 |
>>>>>> I'm not sure why this profile isn't listed in the eselect profile |
| 46 |
>>>>>> listing above. It doesn't give me a big fat "unsupported profile" |
| 47 |
>>>>>> warning though... |
| 48 |
>>>>>> |
| 49 |
>>>>>> Regards, |
| 50 |
>>>>>> Tom |
| 51 |
>>>>>> |
| 52 |
>>>>> This is a confusing situation. I am currently using |
| 53 |
>>>>> /usr/portage/profiles/hardened/linux/amd64/2008.0. |
| 54 |
>>>>> |
| 55 |
>>>>> This is not explicitly listed in the output of 'eselect profile list'. |
| 56 |
>>>>> |
| 57 |
>>>>> Perhaps we could sort this out on the list & then I will write a quick doc |
| 58 |
>>>>> to place in the hardened web space to assist other users. |
| 59 |
>>>>> |
| 60 |
>>>>> -- |
| 61 |
>>>>> M. Summers |
| 62 |
>>>>> |
| 63 |
>>>>> "...there are no rules here -- we're trying to accomplish something." |
| 64 |
>>>>> - Thomas A. Edison |
| 65 |
>>>>> |
| 66 |
>>>> On #gentooo-hardened, I got this answer : |
| 67 |
>>>> |
| 68 |
>>>> Feb 04 20:10:51 <Tommy[D]> Anyone can say, which profile of the 2 |
| 69 |
>>>> hardened ones are supported here? |
| 70 |
>>>> Feb 04 20:12:01 <gengor> Tommy[D]: use hardened/${ARCH}/2.6 |
| 71 |
>>>> |
| 72 |
>>>> But it was not listed by Clemente for amd64 |
| 73 |
>>>> |
| 74 |
>>>> -- |
| 75 |
>>>> Cyprien |
| 76 |
>>>> |
| 77 |
>>>> |
| 78 |
>>> So he should use either /hardened/amd64 or /hardened/amd64/multilib. If i rememember it right, the |
| 79 |
>>> other profile (/hardened/linux/* ) is not under control by the hardened team and because of that not |
| 80 |
>>> supported. |
| 81 |
>> Correct. |
| 82 |
>> |
| 83 |
>> amd64 #1 or #2 (suggested #2) |
| 84 |
>> x86 #1 |
| 85 |
>> |
| 86 |
> |
| 87 |
> This is what I wanted to know. Thanks. |
| 88 |
> |
| 89 |
> |
| 90 |
|
| 91 |
Then I'll be the one to ask the annoying questions:) |
| 92 |
|
| 93 |
1) Why are they there (could be related to some over-enthousiast |
| 94 |
non-hardened devs)? |
| 95 |
|
| 96 |
2) Why do the profiles in the released hardened stages point to |
| 97 |
"../usr/portage/profiles/hardened/linux/x86/2008.0" by default? I |
| 98 |
checked this in stage1-x86-hardened-2008.0.tar.bz2 and |
| 99 |
stage3-i686-hardened-2008.0.tar.bz2 |
| 100 |
|
| 101 |
3) As these profiles seem to reflect the new "preferred layout", I |
| 102 |
understand that someone added them. But why aren't settings from |
| 103 |
supported hardened profiles ported to this new layout, to remove the |
| 104 |
ambiguity? |
| 105 |
|
| 106 |
-- |
| 107 |
Regards, |
| 108 |
Tom |
Archives