| 1 |
DOH! |
| 2 |
pressed reply! |
| 3 |
j |
| 4 |
|
| 5 |
-------- Original Message -------- |
| 6 |
Subject: Re: [gentoo-hardened] Grsecurity 2 in hardened-sources |
| 7 |
From: "Jesse Jacobs" <jesse@×××××××××××.net> |
| 8 |
Date: Tue, June 10, 2003 11:21 pm |
| 9 |
To: <solar@g.o> |
| 10 |
|
| 11 |
Hello, |
| 12 |
|
| 13 |
First, THANKS!!! |
| 14 |
|
| 15 |
Huge Appreciation here! |
| 16 |
|
| 17 |
Why use SLOTS? |
| 18 |
|
| 19 |
Would u be willing to try using a hard mask? |
| 20 |
|
| 21 |
When the grsec2 transition takes place across all kernels... |
| 22 |
|
| 23 |
we can use grsec2 by removing the hardmask. |
| 24 |
|
| 25 |
Anyone that want's to use grsec2 must maintain package.mask |
| 26 |
ie. |
| 27 |
alias realsync='emerge sync && diff -u /root/package.mask |
| 28 |
/usr/portage/profiles/package.mask > /root/package.mask.diff && cp |
| 29 |
/root/package.mask /usr/portage/profiles/package.mask && source |
| 30 |
/etc/profile && echo "Maintaining Your Package Limits."' |
| 31 |
|
| 32 |
Then update the box with: |
| 33 |
realsync; emerge -uUvp world; |
| 34 |
|
| 35 |
j |
| 36 |
|
| 37 |
Ned Ludd said: |
| 38 |
> On Mon, 2003-06-09 at 16:12, Joshua Brindle wrote: |
| 39 |
>> I'd rather you use SLOT's, this is what they are for.. |
| 40 |
>> otherwise in a few months you are going to have a |
| 41 |
>> sys-apps/gradm2 and you won't be able to move it |
| 42 |
>> (you can but it's overly complicated). |
| 43 |
>> |
| 44 |
>> you can just have gradm-1 in slot one that installs to |
| 45 |
>> /usr/sbin/gradm and gradm-2 in slot two that installs to |
| 46 |
>> /usr/sbin/gradm2 and they won't conflict, you could even |
| 47 |
>> give them different policy directories so that they don't |
| 48 |
>> collide. |
| 49 |
> |
| 50 |
>> You could then have both slots merged in next to each other |
| 51 |
>> and it wouldn't be an issue.. |
| 52 |
> |
| 53 |
> I dont see how this could/would prevent users that have ~arch keywords |
| 54 |
> from installing gradm-2 when using -sources other than |
| 55 |
> hardened-sources. |
| 56 |
> |
| 57 |
> Ok say we have ~arch in our keywords and we are using |
| 58 |
> gentoo-sources-2.4.20-r5(grsecurity 1.9.x) and we do emerge world the |
| 59 |
> next time we come back to this box it would end up having >=gradm-2 |
| 60 |
> installed and we would not be able to enable/disable the acl system. |
| 61 |
> |
| 62 |
>> the apache apache2 slot mess is really not SLOT'S fault, it's |
| 63 |
>> something different altogether, we have plenty of apps that |
| 64 |
>> have been happily slotted for a very long time (db, gtk, et al) |
| 65 |
> |
| 66 |
> SLOTS do not seem to properly address who is using what sources. |
| 67 |
> Example ever had a box running apache1 and had ~x86 in your keywords |
| 68 |
> and did 'emerge world' portage will override your previous install of |
| 69 |
> apache1 and force you to use apache2 [doh!]. This is my concern with |
| 70 |
> gradm-1 & gradm-2. |
| 71 |
> |
| 72 |
> If you or anybody on this list knows of a way to make this behave |
| 73 |
> correctly with these settings then please by all meens submit your |
| 74 |
> ebuild for gradm-2.0_pre4 (or fix portage so it honors whats installed |
| 75 |
> already when using ~arch flags) |
| 76 |
> |
| 77 |
> -- |
| 78 |
> Ned Ludd <solar@g.o> |
| 79 |
> Gentoo Linux (Hardened) |
| 80 |
> |
| 81 |
> |
| 82 |
> -- |
| 83 |
> gentoo-hardened@g.o mailing list |
| 84 |
|
| 85 |
|
| 86 |
|
| 87 |
|
| 88 |
-- |
| 89 |
gentoo-hardened@g.o mailing list |
Archives