On Mon, 2006-10-30 at 16:31 +0100, Bart Van Loon wrote:
> I just got my hands on a server on which I installed gentoo. I have
> quite some experience with Linux and gentoo, but it is the first time
> that I engaged in a gentoo-hardened installation.
>
> I have linux-headers-2.6.17-r1 installed and am running a
> 2.6.17-hardened-r1 kernel in the selinux/x86/2006.1 profile.
>
> I am following the instructions on
> http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2&chap=1
> but encounter a few problems:

You didn't follow the instructions, because if you had, you would not
be using the 2006.1 SELinux profile. It is still in testing.

> 1/
> emerging glibc always fails with
>
> !!! nptl glibc did not pass make check
>
> my USE flags for glibc are "glibc-omitfp nptl nptlonly selinux -build
> -glibc-compat20 hardened -multilib -nls -profile"
>
> I tried compiling with nptlonly, but portage wouldn't accept that.
> emerging without the hardened flag, results in the same error.

Need more error messages.

> 2/
> after emerging selinux-base-policy, checkpolicy and policyresources, the
> HOWTO states that I should run "make load"
> in /etc/security/selinux/src/policy, but this directory does not exist
> (only /etc/security/ does).

Because of the wrong profile.

> 3/
> then, later on, many ebuilds fail to emerge: pam, coreutils,
> device-mapper, etc... the same ebuilds, on the same architecture, emerge
> fine on other systems.

Need error messages.

> 4/
> finally, I'm completely stuck when I want to label my filesystems,
> because of the empty (non-existing) /etc/security/selinux/src/policy
> directory.

Wrong profile.

--
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243