[gentoo-commits] proj/hardened-docs:master commit in: txt/

public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-commits] proj/hardened-docs:master commit in: txt/
@ 2011-02-17  2:04 Francisco Blas Izquierdo Riera
  0 siblings, 0 replies; 4+ messages in thread
From: Francisco Blas Izquierdo Riera @ 2011-02-17  2:04 UTC (permalink / raw
  To: gentoo-commits

commit:     c1decf92587699261d49509ab1e9953a3d0db441
Author:     klondike <klondike <AT> xiscosoft <DOT> es>
AuthorDate: Thu Feb 17 02:04:34 2011 +0000
Commit:     Francisco Blas Izquierdo Riera <klondike <AT> xiscosoft <DOT> es>
CommitDate: Thu Feb 17 02:04:34 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=c1decf92

Odd this wasn't commited... notes taken when Zorry explained the patch system to me

---
 txt/gcc-4.5-patches.txt |   53 +++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/txt/gcc-4.5-patches.txt b/txt/gcc-4.5-patches.txt
index d89c039..10a69fa 100644
--- a/txt/gcc-4.5-patches.txt
+++ b/txt/gcc-4.5-patches.txt
@@ -1,6 +1,6 @@
 Rationale
 =========
-Although the use of specfiles as done in gcc 4.3 was a very nice solution it had
+Although the use of specfiles as done ino on patches2 gcc 4.3 was a very nice solution it had
 a big maintainability problem as the flags weren't updated for other rules in
 the same run to use. This meant that we needed a lot of rules in order to add
 the hardened compiler behaviour, which in turn meant more complex
@@ -19,4 +19,53 @@ Modifications
 [04:09] <Zorry> hunk 2 we use a diffrent CC1_SPEC
 [04:10] <Zorry> hunk 3-5 add spec rules for ssp rules that is in esp.h
 [04:11] <Zorry> hunk 6 add ESP_EXTRA_SPECS that is defined in esp.h
-[04:12] <Zorry> hunk 9 add the needed hardened spec rule so it rune befor all the rest of the spec rules
\ No newline at end of file
+[04:12] <Zorry> hunk 9 add the needed hardened spec rule so it rune befor all the rest of the spec rules
+
+20_all... Adds defines and constants an
+
+
+now we do in esp.h -> 30_...
+
+
+Previously, lots of patches to modify specs
+Now just 10 lines (or so)
+
+
+Now we modify to include the new header and add options before calling (on gcc.c 20...)
+
+
+ebuild indicates stable featureset.
+
+Older ones have no SSP support (stable)
+
+
+
+eclass ~146 sets ssp and pie USEs
+Info on patches ~239
+
+~354 get sources for patches...
+
+~405 ssp pie checks.
+
+~514 we want SSP/PIE?
+
+~612 set CFLAGS and branding
+
+~1160 enable stuff per version
+
+~2096 unpack stuff
+
+~2286 add things to makefile and pie version
+
+-----------
+
+10 add options to configure including linker opts certain defines...
+crtbeginTS support...
+
+11some defines
+
+12Makefile add nossp and nopie supports (-fno-stack-protector) Code to test crtbeginTS... add files used later... and fixes
+
+40 patch for specs
+
+24 use special flags to solve static problems.
\ No newline at end of file



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [gentoo-commits] proj/hardened-docs:master commit in: txt/
@ 2011-08-16 21:07 Sven Vermeulen
  0 siblings, 0 replies; 4+ messages in thread
From: Sven Vermeulen @ 2011-08-16 21:07 UTC (permalink / raw
  To: gentoo-commits

commit:     95a9242ecd7e7a0c00df5e9c64043df1e48f7b3f
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Tue Aug 16 23:07:00 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Tue Aug 16 23:07:00 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=95a9242e

Try to keep track of good naming conventions

---
 txt/selinux-naming |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/txt/selinux-naming b/txt/selinux-naming
new file mode 100644
index 0000000..ea12ccf
--- /dev/null
+++ b/txt/selinux-naming
@@ -0,0 +1,10 @@
+Quick excerpts from #selinux
+
+Interface naming
+  _domtrans is internal, only allows domain transition
+  _run is for root (system administrative) support, like
+    shutdown_run(sysadm_r, sysadm_t)
+  _role is for applications, like
+    mozilla_role(staff_r, staff_t)
+  _admin is to allow administration of a domain, including transitioning through the labeled init scripts, like
+    postfix_admin(sysadm_r, sysadm_t)



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [gentoo-commits] proj/hardened-docs:master commit in: txt/
@ 2011-08-16 21:13 Sven Vermeulen
  0 siblings, 0 replies; 4+ messages in thread
From: Sven Vermeulen @ 2011-08-16 21:13 UTC (permalink / raw
  To: gentoo-commits

commit:     401037505e74fd2ba673bd5c185a6e5551e7e8ba
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Tue Aug 16 23:10:27 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Tue Aug 16 23:10:27 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=40103750

Improved description

---
 txt/selinux-naming |    5 ++---
 1 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/txt/selinux-naming b/txt/selinux-naming
index ea12ccf..972ed77 100644
--- a/txt/selinux-naming
+++ b/txt/selinux-naming
@@ -2,9 +2,8 @@ Quick excerpts from #selinux
 
 Interface naming
   _domtrans is internal, only allows domain transition
-  _run is for root (system administrative) support, like
-    shutdown_run(sysadm_r, sysadm_t)
-  _role is for applications, like
+  _run was for root support, but basically nothing more than domtrans + access
+  _role is a more elaborate version, including resource access, like
     mozilla_role(staff_r, staff_t)
   _admin is to allow administration of a domain, including transitioning through the labeled init scripts, like
     postfix_admin(sysadm_r, sysadm_t)



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [gentoo-commits] proj/hardened-docs:master commit in: txt/
@ 2011-08-16 22:04 Sven Vermeulen
  0 siblings, 0 replies; 4+ messages in thread
From: Sven Vermeulen @ 2011-08-16 22:04 UTC (permalink / raw
  To: gentoo-commits

commit:     cd9bf3fce10c3b2fdd1a0d8cb402372e8cd20a5b
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Aug 17 00:03:49 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Wed Aug 17 00:03:49 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=cd9bf3fc

updates

---
 txt/selinux-naming |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/txt/selinux-naming b/txt/selinux-naming
index 972ed77..47535fa 100644
--- a/txt/selinux-naming
+++ b/txt/selinux-naming
@@ -2,7 +2,7 @@ Quick excerpts from #selinux
 
 Interface naming
   _domtrans is internal, only allows domain transition
-  _run was for root support, but basically nothing more than domtrans + access
+  _run was for root support, but basically nothing more than domtrans + access (role)
   _role is a more elaborate version, including resource access, like
     mozilla_role(staff_r, staff_t)
   _admin is to allow administration of a domain, including transitioning through the labeled init scripts, like



^ permalink raw reply related	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2011-08-16 22:04 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-08-16 21:13 [gentoo-commits] proj/hardened-docs:master commit in: txt/ Sven Vermeulen
  -- strict thread matches above, loose matches on Subject: below --
2011-08-16 22:04 Sven Vermeulen
2011-08-16 21:07 Sven Vermeulen
2011-02-17  2:04 Francisco Blas Izquierdo Riera

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox