headers
Ernesto Rodriguez Ortiz | 8 Oct 19:42

glibc

Hello here, I have some problems compiled glibc, I am trying to install a server with PaX and SELinux, I have
an decompressing stage3 hardened and portage, change the profile for selinux/2007.0/x86/hardened and
set the make.conf as a show down .Any idea how I can fix the problem with glibc?

Portage 2.1.4.4 (selinux/2007.0/x86/hardened, gcc-3.4.6, glibc-2.6.1-r0, 2.6.25-gentoo-r7 i686)
=================================================================
System uname: 2.6.22-nova-r9 i686 unknown
Timestamp of tree: Mon, 22 Sep 2008 01:45:01 +0000
app-shells/bash:     3.2_p33
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.61-r2
sys-devel/automake:  1.10
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer -fstack-protector-all"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf
/etc/revdep-rebuild /etc/splash /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer -fstack-protector-all"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks loadpolicy metadata-transfer sandbox selinux sesandbox sfperms strict
unmerge-orphans userfetch"
(Continue reading)

Permalink | Reply |
headers
Magnus Granberg | 9 Oct 00:40

Re: glibc

Ernesto Rodriguez Ortiz skrev:
> Hello here, I have some problems compiled glibc, I am trying to install a server with PaX and SELinux, I have
an decompressing stage3 hardened and portage, change the profile for selinux/2007.0/x86/hardened and
set the make.conf as a show down .Any idea how I can fix the problem with glibc?
>
> Portage 2.1.4.4 (selinux/2007.0/x86/hardened, gcc-3.4.6, glibc-2.6.1-r0, 2.6.25-gentoo-r7 i686)
> =================================================================
> System uname: 2.6.22-nova-r9 i686 unknown
> Timestamp of tree: Mon, 22 Sep 2008 01:45:01 +0000
> app-shells/bash:     3.2_p33
> dev-lang/python:     2.4.4-r6
> dev-python/pycrypto: 2.0.1-r6
> sys-apps/baselayout: 1.12.11.1
> sys-apps/sandbox:    1.2.18.1-r2
> sys-devel/autoconf:  2.61-r2
> sys-devel/automake:  1.10
> sys-devel/binutils:  2.18-r3
> sys-devel/gcc-config: 1.4.0-r4
> sys-devel/libtool:   1.5.24
> virtual/os-headers:  2.6.23-r3
> ACCEPT_KEYWORDS="x86"
> CBUILD="i686-pc-linux-gnu"
> CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer -fstack-protector-all"
> CHOST="i686-pc-linux-gnu"
> CONFIG_PROTECT="/etc /usr/share/X11/xkb"
> CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf
/etc/revdep-rebuild /etc/splash /etc/terminfo /etc/udev/rules.d"
> CXXFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer -fstack-protector-all"
> DISTDIR="/usr/portage/distfiles"
> FEATURES="distlocks loadpolicy metadata-transfer sandbox selinux sesandbox sfperms strict
(Continue reading)

Permalink | Reply |
headers
Mike Edenfield | 8 Oct 22:54

Re: glibc

Ernesto Rodriguez Ortiz wrote:
> Hello here, I have some problems compiled glibc, I am trying to install a server with PaX and SELinux, I have
an decompressing stage3 hardened and portage, change the profile for selinux/2007.0/x86/hardened and
set the make.conf as a show down .Any idea how I can fix the problem with glibc?

When you switch from a non-hardened to a hardened profile, you need to 
rebuild the entire toolchain in the correct order, then preferrably 
rebuild everything else.  This should also pick up any changes needed to 
support SELinux in your userland, plus pull in the userland tools and 
policy files.

 From the PaX Quickstart, the steps should be:

eselect profile set <hardened #>
emerge -1 binutils gcc glibc
emerge -e world

I can tell you from experience that jumping directly from a vanilla 
profile to an SELinux + hardened profile can be tricky, and I've ended 
up starting over a few times.  I would strongly suggest that you do them 
separately:

vanilla -> hardened -> selinux/hardened

This means you might end up recompiling a few packages multiple times, 
but it's more likely to succeed.  Follow the steps in the two 
installation guides:

http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2
(Continue reading)

Permalink | Reply |

Gmane