1 |
DOH! |
2 |
pressed reply! |
3 |
j |
4 |
|
5 |
-------- Original Message -------- |
6 |
Subject: Re: [gentoo-hardened] Grsecurity 2 in hardened-sources |
7 |
From: "Jesse Jacobs" <jesse@×××××××××××.net> |
8 |
Date: Tue, June 10, 2003 11:21 pm |
9 |
To: <solar@g.o> |
10 |
|
11 |
Hello, |
12 |
|
13 |
First, THANKS!!! |
14 |
|
15 |
Huge Appreciation here! |
16 |
|
17 |
Why use SLOTS? |
18 |
|
19 |
Would u be willing to try using a hard mask? |
20 |
|
21 |
When the grsec2 transition takes place across all kernels... |
22 |
|
23 |
we can use grsec2 by removing the hardmask. |
24 |
|
25 |
Anyone that want's to use grsec2 must maintain package.mask |
26 |
ie. |
27 |
alias realsync='emerge sync && diff -u /root/package.mask |
28 |
/usr/portage/profiles/package.mask > /root/package.mask.diff && cp |
29 |
/root/package.mask /usr/portage/profiles/package.mask && source |
30 |
/etc/profile && echo "Maintaining Your Package Limits."' |
31 |
|
32 |
Then update the box with: |
33 |
realsync; emerge -uUvp world; |
34 |
|
35 |
j |
36 |
|
37 |
Ned Ludd said: |
38 |
> On Mon, 2003-06-09 at 16:12, Joshua Brindle wrote: |
39 |
>> I'd rather you use SLOT's, this is what they are for.. |
40 |
>> otherwise in a few months you are going to have a |
41 |
>> sys-apps/gradm2 and you won't be able to move it |
42 |
>> (you can but it's overly complicated). |
43 |
>> |
44 |
>> you can just have gradm-1 in slot one that installs to |
45 |
>> /usr/sbin/gradm and gradm-2 in slot two that installs to |
46 |
>> /usr/sbin/gradm2 and they won't conflict, you could even |
47 |
>> give them different policy directories so that they don't |
48 |
>> collide. |
49 |
> |
50 |
>> You could then have both slots merged in next to each other |
51 |
>> and it wouldn't be an issue.. |
52 |
> |
53 |
> I dont see how this could/would prevent users that have ~arch keywords |
54 |
> from installing gradm-2 when using -sources other than |
55 |
> hardened-sources. |
56 |
> |
57 |
> Ok say we have ~arch in our keywords and we are using |
58 |
> gentoo-sources-2.4.20-r5(grsecurity 1.9.x) and we do emerge world the |
59 |
> next time we come back to this box it would end up having >=gradm-2 |
60 |
> installed and we would not be able to enable/disable the acl system. |
61 |
> |
62 |
>> the apache apache2 slot mess is really not SLOT'S fault, it's |
63 |
>> something different altogether, we have plenty of apps that |
64 |
>> have been happily slotted for a very long time (db, gtk, et al) |
65 |
> |
66 |
> SLOTS do not seem to properly address who is using what sources. |
67 |
> Example ever had a box running apache1 and had ~x86 in your keywords |
68 |
> and did 'emerge world' portage will override your previous install of |
69 |
> apache1 and force you to use apache2 [doh!]. This is my concern with |
70 |
> gradm-1 & gradm-2. |
71 |
> |
72 |
> If you or anybody on this list knows of a way to make this behave |
73 |
> correctly with these settings then please by all meens submit your |
74 |
> ebuild for gradm-2.0_pre4 (or fix portage so it honors whats installed |
75 |
> already when using ~arch flags) |
76 |
> |
77 |
> -- |
78 |
> Ned Ludd <solar@g.o> |
79 |
> Gentoo Linux (Hardened) |
80 |
> |
81 |
> |
82 |
> -- |
83 |
> gentoo-hardened@g.o mailing list |
84 |
|
85 |
|
86 |
|
87 |
|
88 |
-- |
89 |
gentoo-hardened@g.o mailing list |