I wanted to install *Hardened* Gentoo Linux 2007.0 on my AMD64 architecture
box with *SELinux* support and no *multilib* support. I'm in the initial
stage of installation. I've just extracted the stage3 'hardened' tarball and
portage snapshot.
The 'hardened' stage3 tarball ships with a default hardened profile, to which
I wanted to add *selinux* support. I've created a profile, which is not
working as expected. Following is my profile, which I saved
in "/usr/local/portage/profiles/selinux-hardened-amd64" .
----8<----8<----
chatteau selinux-hardened-amd64 # file *
make.defaults: symbolic link to
`../../../../portage/profiles/selinux/2007.0/amd64/hardened/make.defaults'
package.mask: symbolic link to
`../../../../portage/profiles/selinux/2007.0/amd64/hardened/package.mask'
parent: ASCII text
use.mask: symbolic link to
`../../../../portage/profiles/selinux/2007.0/amd64/hardened/use.mask'
chatteau selinux-hardened-amd64 # cat parent
../../../../portage/profiles/selinux/2007.0/amd64
../../../../portage/profiles/hardened/amd64
selinux-hardened-amd64 # file /etc/make.profile
/etc/make.profile: symbolic link to
`/usr/local/portage/profiles/selinux-hardened-amd64'
---->8---->8----
Following is the output of 'euse -a', on the basis of which I'm concluding
it's not working:
----8<----8<----
chatteau selinux-hardened-amd64 # euse -a
berkdb [+ D ]
cli [+ D ]
cracklib [+ ]
crypt [+ D ]
cups [+ D ]
dri [+ D ]
fbdev [+ ]
fortran [+ D ]
gdbm [+ D ]
gpm [+ D ]
hardened [+ D ]
iconv [+ D ]
ipv6 [+ D ]
isdnlog [+ D ]
justify [+ ]
ladspa [+ ]
midi [+ ]
mudflap [+ D ]
ncurses [+ D ]
nls [+ D ]
nptl [+ D ]
nptlonly [+ D ]
openmp [+ D ]
pam [+ D ]
pcre [+ D ]
perl [+ D ]
pic [+ D ]
pppd [+ D ]
python [+ D ]
readline [+ D ]
reflection [+ D ]
session [+ D ]
spl [+ D ]
sse [+ D ]
sse2 [+ D ]
ssl [+ D ]
tcpd [+ D ]
text [+ ]
tga [+ ]
unicode [+ D ]
urandom [+ ]
v4l [+ ]
vga [+ ]
xorg [+ D ]
zlib [+ D ]
---->8---->8----
I'm not an expert in Gentoo, so if I'm wrong somewhere please correct me.
[I've also posted this message to alt.os.linux.gentoo.]
*** The preferred way to go about using hardened would be to link an existing hardened profile: (i.e. /usr/portage/profiles/selinux/2007.0/amd64/hardened) to /etc/make.conf:
ln -sf /usr/portage/selinux/2007.0/amd64/hardened /etc/make.conf
If you have additional profile overrides (i.e. changes to the use masking), you can put them in /etc/portage/profile (see the portage(5) manpage for more information)
On Nov 27, 2007 3:18 PM, आशीष Ashish <wahjava.ml@gmail.com> wrote:
Hi,
I wanted to install *Hardened* Gentoo Linux 2007.0 on my AMD64 architecture
box with *SELinux* support and no *multilib* support. I'm in the initial
stage of installation. I've just extracted the stage3 'hardened' tarball and
portage snapshot.
The 'hardened' stage3 tarball ships with a default hardened profile, to which
I wanted to add *selinux* support. I've created a profile, which is not
working as expected. Following is my profile, which I saved
in "/usr/local/portage/profiles/selinux-hardened-amd64" .
----8<----8<----
chatteau selinux-hardened-amd64 # file *
make.defaults: symbolic link to
`../../../../portage/profiles/selinux/2007.0/amd64/hardened/make.defaults'
package.mask: symbolic link to
`../../../../portage/profiles/selinux/2007.0/amd64/hardened/package.mask'
parent: ASCII text
use.mask: symbolic link to
`../../../../portage/profiles/selinux/2007.0/amd64/hardened/use.mask'
chatteau selinux-hardened-amd64 # cat parent
../../../../portage/profiles/selinux/2007.0/amd64
../../../../portage/profiles/hardened/amd64
selinux-hardened-amd64 # file /etc/make.profile
/etc/make.profile: symbolic link to
John Eckhart wrote:
> Ashish,
>
> The preferred way to go about using hardened would be to link an
> existing hardened profile: (i.e. /usr/portage/profiles
> /selinux/2007.0/amd64/hardened) to /etc/make.conf:
>
> ln -sf /usr/portage/selinux/2007.0/amd64/hardened /etc/make.conf
>
> If you have additional profile overrides (i.e. changes to the use
> masking), you can put them in /etc/portage/profile (see the
> portage(5) manpage for more information)
>
You mean /etc/make.profile.
Regards,
Alex Brandt
--
Student, B.S. Physics & Computer Science
Department of Physics and Astronomy, MSUM
Department of Computer Science and Information Services, MSUM
www.alunduil.com
Date: Tue, 27 Nov 2007 16:12:58 -0500
From: John Eckhart <jweckhart@gmail.com>
Reply-To: gentoo-hardened@lists.gentoo.org
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Help required in creating a new profile
Ashish,
The preferred way to go about using hardened would be to link an
existing hardened profile: (i.e.
/usr/portage/profiles/selinux/2007.0/amd64/hardened)
to /etc/make.conf:
If you have additional profile overrides (i.e. changes to the use masking),
you can put them in /etc/portage/profile (see the portage(5) manpage for
more information)
,--[ On Wednesday 28 Nov 2007, John Eckhart wrote:
| Ashish,
|
| The preferred way to go about using hardened would be to link an
| existing hardened profile: (i.e.
| /usr/portage/profiles/selinux/2007.0/amd64/hardened)
| to /etc/make.conf:
|
| ln -sf /usr/portage/selinux/2007.0/amd64/hardened /etc/make.conf
|
| If you have additional profile overrides (i.e. changes to the use masking),
| you can put them in /etc/portage/profile (see the portage(5) manpage for
| more information)
|
Thanks for the reply.
Okay, so you mean I should place "no-multilib" stuff
inside /etc/portage/profile whereas my default profile points to
SELinux+Hardened, right. hmm... ?
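
Whether the custom profile in this thread does what was intended depends on how Portage walks the 'parent' file and stacks USE from each make.defaults. The shell functions below are an added example, not code from the posters or from Portage: they resolve that stack, parents first, and fold USE in order. The function names, the sample tree and its make.defaults contents are constructed for illustration, and only single-line USE="..." assignments are parsed.

```shell
# Added example. Print the stack for profile DIR, parents first. Each line of
# a 'parent' file is resolved relative to the directory holding that file; a
# parent that does not exist is printed as "MISSING <path>" and fails the call.
profile_stack() (
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "MISSING $1"; exit 1; }
    rc=0
    if [ -f "$dir/parent" ]; then
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in ''|'#'*) continue ;; esac
            case $line in /*) p=$line ;; *) p=$dir/$line ;; esac
            profile_stack "$p" || rc=1
        done < "$dir/parent"
    fi
    echo "$dir"
    exit "$rc"
)

# Fold USE from every make.defaults in stack order: "flag" adds, "-flag"
# removes, "-*" clears. Simplified: only single-line USE="..." assignments
# are read, and profile paths must not contain whitespace.
effective_use() (
    set -f    # keep "-*" from being glob-expanded
    use=" "
    for d in $(profile_stack "$1" | grep -v '^MISSING '); do
        [ -f "$d/make.defaults" ] || continue
        for tok in $(sed -n 's/^USE="\(.*\)"$/\1/p' "$d/make.defaults"); do
            f=${tok#-}
            case $tok in
                '-*') use=" " ;;
                -*) case $use in *" $f "*) use=${use%% "$f" *}" "${use#* "$f" } ;; esac ;;
                *)  case $use in *" $tok "*) ;; *) use="$use$tok " ;; esac ;;
            esac
        done
    done
    echo $use
)

# Constructed tree mirroring the post's layout ($1 stands in for /usr); the
# make.defaults contents are invented for the demonstration.
make_sample_tree() {
    p=$1/portage/profiles c=$1/local/portage/profiles/selinux-hardened-amd64
    mkdir -p "$p/selinux/2007.0/amd64" "$p/hardened/amd64" "$c"
    echo 'USE="selinux"' > "$p/selinux/2007.0/amd64/make.defaults"
    echo 'USE="hardened pic"' > "$p/hardened/amd64/make.defaults"
    echo 'USE="-pic"' > "$c/make.defaults"
    printf '%s\n' ../../../../portage/profiles/selinux/2007.0/amd64 \
        ../../../../portage/profiles/hardened/amd64 > "$c/parent"
}
t=$(mktemp -d) && make_sample_tree "$t" && effective_use "$c"  # prints: selinux hardened
```

On a real system, running profile_stack on /etc/make.profile shows at a glance whether both the selinux and the hardened directories are in the stack and whether any relative parent path points nowhere.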