From: Albert Lash <alby@thirteen.net>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] gcc-config
Date: Sat, 24 Sep 2005 18:39:33 -0400 (EDT) [thread overview]
Message-ID: <Pine.LNX.4.58.0509241834290.9983@thirteen.net> (raw)
In-Reply-To: <Pine.LNX.4.58.0509241531450.5944@thirteen.net>
Hello again,
I jumped the gun and attempted to reload the toolchain after changing the
gcc profile to gcc-3.4.4-r1-hardened. I got through
binutils and gcc, then glibc fails, saying it explicity requires SELInux.
Strange thing happened to my gcc profiles too. Running gcc-config shows 5
choices, only gcc-3.4.4-hardened is gone, replaced by gcc-3.4.4-vanilla at
the end. This sort of makes sense.
Currently I am again compiling gcc, hoping that it will do something that
will make glibc compile OK. I selected gcc-3.4.4-hardened-nopie to see if
that helps.
Does
gcc-3.4.4-hardened-nopiessp mean that neither pie or ssp will be
installed, or only ssp? I searched around for an explanation of these
profiles but found none. Might be a good idea for the docs.
Alby
On Sat, 24 Sep 2005, Albert Lash wrote:
> Hello,
>
> I am running gentoo-hardened kernel 2.6.11-r15 on an amd64 system. I have
> followed the convert howto and found it very straightforward and clear.
>
> However, I noticed my list of deps was rather large during a recent emerge
> pretend and so I checked my setup and found SELinux to be not enabled -
>
> !!!SELinux not enabled:...
>
> So I checked my profile, and it was not the hardened profile! I updated
> the profile, and reloaded the profile, and so now when I run sestatus it
> gives me the desired response:
>
> sestatus
> SELinux status: enabled
> SELinuxfs mount: /selinux
> Current mode: permissive
> Policy version: 18
>
> Policy booleans:
> secure_mode inactive
> ssh_sysadm_login inactive
> user_ping inactive
>
> However, when I run gcc-config -l, I am running the vanilla gcc-3.4.4. I
> searched for information on whether I need to be using the hardened and
> can't find much. Do I need to enabled the hardened compiler, and
> re-compile everything under the new selinux profile and policy?
>
> Thank you,
>
> Alby Lash
>
> --
> gentoo-hardened@gentoo.org mailing list
>
--
gentoo-hardened@gentoo.org mailing list
next prev parent reply other threads:[~2005-09-24 22:30 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-09-24 19:37 [gentoo-hardened] gcc-config Albert Lash
2005-09-24 22:39 ` Albert Lash [this message]
2005-09-25 11:44 ` [gentoo-hardened] gcc-hardened Albert Lash
2005-09-25 21:37 ` Chris PeBenito
2005-10-06 18:18 ` [gentoo-hardened] SELinux and Apache - no pid file? Albert Lash
2005-10-07 2:00 ` Chris PeBenito
2005-10-07 2:25 ` Travis Fraser
2005-10-07 12:41 ` Albert Lash
2005-10-15 15:40 ` [gentoo-hardened] AMD64 sys-libs/ss Albert Lash
2005-10-15 17:40 ` Chris PeBenito
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.58.0509241834290.9983@thirteen.net \
--to=alby@thirteen.net \
--cc=gentoo-hardened@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox