Gentoo Archives: gentoo-hardened

From: brant williams <brant@×××××.net>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Help required in creating a new profile
Date: Tue, 27 Nov 2007 21:58:15
Message-Id: Pine.LNX.4.64.0711271553320.32323@nerv.tnarb.net
In Reply to: Re: [gentoo-hardened] Help required in creating a new profile by John Eckhart

Wouldn't you want the symlink to be to /etc/make.profile and not
/etc/make.conf?

brant williams
FCAA CDCA 20BC 3925 D634 F5C4 7420 6784 4DEB 6002

On Tue, 27 Nov 2007, John Eckhart wrote:

> Date: Tue, 27 Nov 2007 16:12:58 -0500
> From: John Eckhart <jweckhart@×××××.com>
> Reply-To: gentoo-hardened@l.g.o
> To: gentoo-hardened@l.g.o
> Subject: Re: [gentoo-hardened] Help required in creating a new profile
>
> Ashish,
>
> The preferred way to go about using hardened would be to link an
> existing hardened profile: (i.e.
> /usr/portage/profiles/selinux/2007.0/amd64/hardened)
> to /etc/make.conf:
>
> ln -sf /usr/portage/selinux/2007.0/amd64/hardened /etc/make.conf
>
> If you have additional profile overrides (i.e. changes to the use masking),
> you can put them in /etc/portage/profile (see the portage(5) manpage for
> more information)
>
> On Nov 27, 2007 3:18 PM, आशीष Ashish <wahjava.ml@×××××.com> wrote:
>
>> Hi,
>>
>> I wanted to install *Hardened* Gentoo Linux 2007.0 on my AMD64 architecture
>> box with *SELinux* support and no *multilib* support. I'm in the initial
>> stage of installation. I've just extracted the stage3 'hardened' tarball and
>> portage snapshot.
>>
>> The 'hardened' stage3 tarball ships with a default hardened profile, to which
>> I wanted to add *selinux* support. I've created a profile, which is not
>> working as expected. Following is my profile, which I saved
>> in "/usr/local/portage/profiles/selinux-hardened-amd64".
>>
>> ----8<----8<----
>> chatteau selinux-hardened-amd64 # file *
>> make.defaults: symbolic link to `../../../../portage/profiles/selinux/2007.0/amd64/hardened/make.defaults'
>> package.mask: symbolic link to `../../../../portage/profiles/selinux/2007.0/amd64/hardened/package.mask'
>> parent: ASCII text
>> use.mask: symbolic link to `../../../../portage/profiles/selinux/2007.0/amd64/hardened/use.mask'
>> chatteau selinux-hardened-amd64 # cat parent
>> ../../../../portage/profiles/selinux/2007.0/amd64
>> ../../../../portage/profiles/hardened/amd64
>> selinux-hardened-amd64 # file /etc/make.profile
>> /etc/make.profile: symbolic link to `/usr/local/portage/profiles/selinux-hardened-amd64'
>> ---->8---->8----
>>
>> Following is my "make.conf":
>>
>> ----8<----8<----
>> CFLAGS="-O2 -pipe -ggdb -fforce-addr -mtune=nocona -march=nocona -fstack-protector-all"
>> CXXFLAGS="${CFLAGS}"
>> CHOST="x86_64-pc-linux-gnu"
>> FEATURES="ccache collision-protect buildpkg parallel-fetch splitdebug userfetch"
>> ---->8---->8----
>>
>> Following is the output of 'euse -a', on the basis of which I'm concluding
>> it's not working:
>>
>> ----8<----8<----
>> chatteau selinux-hardened-amd64 # euse -a
>> berkdb [+ D ]
>> cli [+ D ]
>> cracklib [+ ]
>> crypt [+ D ]
>> cups [+ D ]
>> dri [+ D ]
>> fbdev [+ ]
>> fortran [+ D ]
>> gdbm [+ D ]
>> gpm [+ D ]
>> hardened [+ D ]
>> iconv [+ D ]
>> ipv6 [+ D ]
>> isdnlog [+ D ]
>> justify [+ ]
>> ladspa [+ ]
>> midi [+ ]
>> mudflap [+ D ]
>> ncurses [+ D ]
>> nls [+ D ]
>> nptl [+ D ]
>> nptlonly [+ D ]
>> openmp [+ D ]
>> pam [+ D ]
>> pcre [+ D ]
>> perl [+ D ]
>> pic [+ D ]
>> pppd [+ D ]
>> python [+ D ]
>> readline [+ D ]
>> reflection [+ D ]
>> session [+ D ]
>> spl [+ D ]
>> sse [+ D ]
>> sse2 [+ D ]
>> ssl [+ D ]
>> tcpd [+ D ]
>> text [+ ]
>> tga [+ ]
>> unicode [+ D ]
>> urandom [+ ]
>> v4l [+ ]
>> vga [+ ]
>> xorg [+ D ]
>> zlib [+ D ]
>> ---->8---->8----
>>
>> I'm not an expert in Gentoo, so if I'm wrong somewhere please correct me.
>>
>> [I've also posted this message to alt.os.linux.gentoo.]
>>
>> TIA
>> --
>> Ashish Shukla आशीष शुक्ल
>> http://wahjava.wordpress.com/
>> ·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
>>
>
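
The custom profile quoted above inherits from two parents through its `parent` file. As an added example that is not part of the thread, the POSIX shell sketch below walks that chain starting from the /etc/make.profile symlink and reports any parent entry that does not resolve to a directory. The function names and the tree built by `make_sample_tree` are constructed for illustration, and only plain relative `parent` entries are handled.

```shell
#!/bin/sh
# Added example (not from the thread): follow a Portage profile's `parent`
# files, one relative path per line, as in the profile quoted above.

# profile_chain DIR: print every profile directory in the chain, parents first.
# The body is a subshell so each level of recursion keeps its own variables;
# the exit status is non-zero if any entry does not resolve to a directory.
profile_chain() (
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "MISSING: $1" >&2; exit 1; }
    rc=0
    if [ -f "$dir/parent" ]; then
        while IFS= read -r entry || [ -n "$entry" ]; do
            case "$entry" in ''|'#'*) continue ;; esac   # skip blanks, comments
            profile_chain "$dir/$entry" || rc=1
        done < "$dir/parent"
    fi
    echo "$dir"
    exit "$rc"
)

# chain_has DIR STRING: succeed if a directory in the chain contains STRING.
chain_has() {
    profile_chain "$1" 2>/dev/null | grep -F -- "$2" >/dev/null
}

# make_sample_tree ROOT: constructed layout mirroring the paths in the thread
# (ROOT must be an absolute path; nothing outside ROOT is touched).
make_sample_tree() {
    mkdir -p "$1/usr/portage/profiles/selinux/2007.0/amd64" \
             "$1/usr/portage/profiles/hardened/amd64" \
             "$1/usr/local/portage/profiles/selinux-hardened-amd64" "$1/etc"
    printf '%s\n' ../../../../portage/profiles/selinux/2007.0/amd64 \
                  ../../../../portage/profiles/hardened/amd64 \
        > "$1/usr/local/portage/profiles/selinux-hardened-amd64/parent"
    ln -s "$1/usr/local/portage/profiles/selinux-hardened-amd64" "$1/etc/make.profile"
}

# Usage: sh this-script /etc/make.profile
if [ "$#" -gt 0 ]; then profile_chain "$1"; fi
```

If /etc/make.profile does not point at a profile directory, the first line printed is `MISSING:` and the exit status is non-zero.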