From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LFVx2-0007ze-72 for garchives@archives.gentoo.org; Wed, 24 Dec 2008 15:47:12 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BD504E04FB; Wed, 24 Dec 2008 15:47:09 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 76142E04FB for ; Wed, 24 Dec 2008 15:47:09 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp.gentoo.org (Postfix) with ESMTP id 02E8A64B86 for ; Wed, 24 Dec 2008 15:47:09 +0000 (UTC) X-Virus-Scanned: amavisd-new at gentoo.org X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 required=5.5 tests=[BAYES_00=-2.599] Received: from smtp.gentoo.org ([127.0.0.1]) by localhost (smtp.gentoo.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sx3ah0atPLjX for ; Wed, 24 Dec 2008 15:47:02 +0000 (UTC) Received: from qw-out-1920.google.com (qw-out-1920.google.com [74.125.92.146]) by smtp.gentoo.org (Postfix) with ESMTP id D886864CB9 for ; Wed, 24 Dec 2008 15:47:01 +0000 (UTC) Received: by qw-out-1920.google.com with SMTP id 5so1276690qwc.6 for ; Wed, 24 Dec 2008 07:47:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=sLeO8HB8+DkhEXUR+hF0oUYkRD9Rv17xxiVFuFCBd7k=; b=sGkaOREo3I/QXX4PYDBomucUOHWYkjFzRFEBS2KpcgWbWLhOgmDNjW/fDZCV3oyQWr 3dH7kAHBJP7At7VkLEUxMB0zjQZ1l6Gr8Z6PeI/7xa6uryUARNbcdNJdTyt8LEnEv8Hv /Y7OrVt2IbOj1ypI32EGGpocAFTT83C87UZUA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; b=Bst1Ng6wQ/BbqJHDvSgIR0Bsg3aJFJZ/H4V2X5+n5YJlnmeLFnsaQ8Dd1t7/YzuqAZ XBxR1mZynyYG6Nr+n08/Z6cfnse+tkh6v45DuXxqmFBfM/NmVJYeUvJt1LC1dcTmkbs+ jdNnWsZovRTRIgkT/9U9MgU5BCsSaP3ShUBBg= Received: by 10.214.80.1 with SMTP id d1mr8899020qab.288.1230133621146; Wed, 24 Dec 2008 07:47:01 -0800 (PST) Received: from ?127.0.0.1? (pasquino.netelligent.ca [209.44.114.178]) by mx.google.com with ESMTPS id 30sm20454776yxk.37.2008.12.24.07.46.58 (version=SSLv3 cipher=RC4-MD5); Wed, 24 Dec 2008 07:47:00 -0800 (PST) Message-ID: <4952596F.9080406@gmail.com> Date: Wed, 24 Dec 2008 10:46:55 -0500 From: 7v5w7go9ub0o <7v5w7go9ub0o@gmail.com> User-Agent: Thunderbird 2.0.0.18 (X11/20081105) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-hardened@lists.gentoo.org Reply-to: gentoo-hardened@lists.gentoo.org MIME-Version: 1.0 To: gentoo-hardened@lists.gentoo.org Subject: [gentoo-hardened] Re: Profile switch: hardened to non-hardened? References: <49bf44f10812231323t7b5371eaj6a082f56f17b01e0@mail.gmail.com> <49515B9F.4030006@moremagic.com> <49bf44f10812231356y2f9974dfu994adbf03f8dc67d@mail.gmail.com> In-Reply-To: <49bf44f10812231356y2f9974dfu994adbf03f8dc67d@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: 6cad232b-ddd7-4aaa-93b7-9f70005906a5 X-Archives-Hash: adc0bfd037b9ea71a267a5ad1f96bec1 Grant wrote: >> I've been able to do so; basically I switched over to the standard profile, >> disabled selinux in the kernel, and re-emerged system for new use flags. >> There were some other details but overall the process was pretty painless, >> anyone ambitious enough to configure a hardened system can probably handle >> the switch without much problem. Not that I'm encouraging you to drop >> hardened (especially on a laptop that could be exposed to random wifi >> networks ;-) > > I'd love to keep it hardened but I want to install programs like > skype, miro, and mplayer that don't seem to compile under a hardened > profile. > > - Grant IIUC, certain flags can be problematic on a very few ebuilds. Don't know about miro and skype, but for mplayer I have the following in /etc/portage/package.use: media-video/mplayer 3dnow 3dnowext X aac aalib alsa custom-cflags dga directfb dts dv dvd encode esd fbcon ftp gif -gtk gnome-mplayer iconv ipv6 jpeg live mad md5sum mmx mmxext mp2 mp3 nas opengl png pvr quicktime radio real rtc sdl sse sse2 svga theora truetype unicode v4l vorbis win32codecs x264 xanim xv xvid lame -a52 -altivec -amrnb -amrwb -arts -bidi -bindist -bl -cddb -cdio -cdparanoia cpudetection -debug -doc -dvb -enca -ggi -ivtv -jack -joystick -libcaca -lirc -livecd -lzo -musepack -nemesi -openal -oss -pnm -rar -samba -speex srt -ssse3 -teletext -tga -tivo -v4l2 -vidix -xinerama -xvmc -zoran -ladspa -pulseaudio -ivtv -pvr