On Tue, 2007-02-27 at 16:54 -0800, Michael Carns wrote:
> I've been running a server in an amd64 hardened+selinux+multilib
> configuration for quite a while now. Initially I used a selinux profile
> and just added USE="hardened pic pie ssp", etc to my make.conf.
> However, when the issues related to gcc-4 appeared I decided I really
> needed to switch to a true hardened profile since I didn't want to
> emerge glibc-2.4 and gcc-4 by accident.
>
> I went looking for an appropriate amd64 profile, but I didn't find one.
> I went ahead and created one by merging the selinux amd64 profile with
> the hardened/multilib profile into my overlay in /usr/local/portage.
> While this setup succeeds in masking off the undesired versions of gcc
> and glibc, it forces me to manually keep the profile in sync with the
> main portage tree.
>
> Is there some reason that this profile combination doesn't exist in
> /usr/portage? Am I using an unsupported configuration and have just
> been lucky for well over a year? Is this arch combination missing a
> maintainer?

The 2006.1 SELinux support requires glibc 2.4, and since the hardened
compiler is not ready, there is no SELinux+hardened gcc at this time.

--
Chris PeBenito
<pebenito gentoo.org>
Developer, Hardened Gentoo Linux
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243