Gentoo Archives: gentoo-hardened

From: Chris PeBenito <pebenito@g.o>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] hardened installation troubles
Date: Tue, 31 Oct 2006 00:02:53
Message-Id: 1162226715.7298.6.camel@defiant.pebenito.net
In Reply to: [gentoo-hardened] hardened installation troubles by Bart Van Loon
On Mon, 2006-10-30 at 16:31 +0100, Bart Van Loon wrote:
> I just got my hands on a server on which I installed gentoo. I have
> quite some experience with Linux and gentoo, but it is the first time
> that I engaged in a gentoo-hardened installation.
>
> I have linux-headers-2.6.17-r1 installed and am running a
> 2.6.17-hardened-r1 kernel in the selinux/x86/2006.1 profile.
>
> I am following the instructions on
> http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2&chap=1
> but encounter a few problems:

You didn't follow the instructions, because if you had, you would not
be using the 2006.1 SELinux profile. It is still in testing.

> 1/
> emerging glibc always fails with
>
> !!! nptl glibc did not pass make check
>
> my USE flags for glibc are "glibc-omitfp nptl nptlonly selinux -build
> -glibc-compat20 hardened -multilib -nls -profile"
>
> I tried compiling with nptlonly, but portage wouldn't accept that.
> emerging without the hardened flag, results in the same error.

Need more error messages.

> 2/
> after emerging selinux-base-policy, checkpolicy and policyresources, the
> HOWTO states that I should run "make load"
> in /etc/security/selinux/src/policy, but this directory does not exist
> (only /etc/security/ does).

Because of the wrong profile.

> 3/
> then, later on, many ebuilds fail to emerge: pam, coreutils,
> device-mapper, etc... the same ebuilds, on the same architecture, emerge
> fine on other systems.

Need error messages.

> 4/
> finally, I'm completely stuck when I want to label my filesystems,
> because of the empty (non-existing) /etc/security/selinux/src/policy
> directory.

Wrong profile.

--
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
