FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Hardened

 
 
LinkBack Thread Tools
 
Old 10-26-2008, 03:02 PM
Matt Harrison
 
Default Stopping libselinux being linked

Well I've given up on selinux now and I'm trying to just get rid of selinux
and just use a hardened system.

I've change my profile and recompiled the system so none of it is using the
selinux flag.

The problem is that even though the selinux USE flag isn't exabled, packages
like coreutils are still linking into libselinux. So if I remove libselinux
and all the selinux related packages, it breaks a whole load of binaries on
the system, so much so that I can't recompile packages afterwards.

How should I proceed to eradicate selinux from my system? or am I stuck with
the libraries now until I do a full re-install?

Thanks

Matt
 
Old 10-26-2008, 06:32 PM
Mike Edenfield
 
Default Stopping libselinux being linked

Matt Harrison wrote:


The problem is that even though the selinux USE flag isn't exabled, packages
like coreutils are still linking into libselinux. So if I remove libselinux
and all the selinux related packages, it breaks a whole load of binaries on
the system, so much so that I can't recompile packages afterwards.


Once you switch to a non-SELinux profile you still need to rebuild the
packages that used the library. Building them without the selinux USE
flag will prevent them from linking to the library. Once they're all
rebuilt, then you can remove the SELinux userland stuff.


To easily get this list of packages you have multiple options. The
easiest way is to use revdep-rebuild with the --library option, but last
time I checked revdep-rebuild crashed when you supplied a library.
Alternately, you could run emerge with the --newuse flag, which will
pick up any packages that used to have the selinux USE flag and now
don't. Of course, if you want to be extra safe, just rebuild everything:


emerge -e @world
 
Old 10-26-2008, 08:02 PM
Matt Harrison
 
Default Stopping libselinux being linked

On Sun, Oct 26, 2008 at 03:32:10PM -0400, Mike Edenfield wrote:
> Matt Harrison wrote:
>
>> The problem is that even though the selinux USE flag isn't exabled,
>> packages
>> like coreutils are still linking into libselinux. So if I remove
>> libselinux
>> and all the selinux related packages, it breaks a whole load of binaries
>> on
>> the system, so much so that I can't recompile packages afterwards.
>
> Once you switch to a non-SELinux profile you still need to rebuild the
> packages that used the library. Building them without the selinux USE flag
> will prevent them from linking to the library. Once they're all rebuilt,
> then you can remove the SELinux userland stuff.

But I've already rebuilt the packages, like coreutils, yet ldd on /bin/mv
still shows libselinux linked in.

> To easily get this list of packages you have multiple options. The easiest
> way is to use revdep-rebuild with the --library option, but last time I
> checked revdep-rebuild crashed when you supplied a library. Alternately,
> you could run emerge with the --newuse flag, which will pick up any
> packages that used to have the selinux USE flag and now don't. Of course,
> if you want to be extra safe, just rebuild everything:

I'll have a go with revdep-rebuild.

Thanks

Matt
 
Old 10-26-2008, 08:16 PM
Andreas Niederl
 
Default Stopping libselinux being linked

Matt Harrison wrote:
> On Sun, Oct 26, 2008 at 03:32:10PM -0400, Mike Edenfield wrote:
>> Matt Harrison wrote:
>>
>>> The problem is that even though the selinux USE flag isn't exabled,
>>> packages
>>> like coreutils are still linking into libselinux. So if I remove
>>> libselinux
>>> and all the selinux related packages, it breaks a whole load of binaries
>>> on
>>> the system, so much so that I can't recompile packages afterwards.
>> Once you switch to a non-SELinux profile you still need to rebuild the
>> packages that used the library. Building them without the selinux USE flag
>> will prevent them from linking to the library. Once they're all rebuilt,
>> then you can remove the SELinux userland stuff.
>
> But I've already rebuilt the packages, like coreutils, yet ldd on /bin/mv
> still shows libselinux linked in.

revdep-rebuild won't do you any good as long as coreutils automagically
links against libselinux.

This has been fixed in coreutils-6.10-r3 and coreutils-6.12-r2, so I
suggest using one of these versions.


Regards,
Andi
 

Thread Tools




All times are GMT. The time now is 10:06 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org