Hardened Kernel 2.4 / 2.6 and portage configuration


Mivz
When I use the hardened portage profile (/usr/portage/profiles/hardened/x86)
I cannot merge a 2.6 kernel. It reports it is masked by profile.
Then again, when I want to use SELinux it is advised to use a 2.6 kernel.
This is no problem with the SELinux profile.
But when the SELinux distro is hardened, why can't I use a 2.6 kernel
with the default hardened profile?
Is 2.6 not secure enough? Is 2.6 only secure enough with SELinux enabled?

What does the hardened/SELinux profile actually do, except for the
CFLAGS, LDFLAGS and the package masks? Could I just use a normal profile
and add the correct flags to my make.conf?
Or are the use flags (hardened, pic and pie) enough to build a Hardened
Gentoo system and will the ebuilds adapt the FLAGS to those?

Mivz
--
[hidden email] mailing list

Re: Hardened Kernel 2.4 / 2.6 and portage configuration

solar-4
On Thu, 2005-11-24 at 16:14 +0100, Mivz wrote:

> When I use the hardened portage profile (/usr/portage/profiles/hardened/x86)
> I cannot merge a 2.6 kernel. It reports it is masked by profile.
> Then again, when I want to use SELinux it is advised to use a 2.6 kernel.
> This is no problem with the SELinux profile.
> But when the SELinux distro is hardened, why can't I use a 2.6 kernel
> with the default hardened profile?
> Is 2.6 not secure enough? Is 2.6 only secure enough with SELinux enabled?
>
> What does the hardened/SELinux profile actually do, except for the
> CFLAGS, LDFLAGS and the package masks? Could I just use a normal profile
> and add the correct flags to my make.conf?
> Or are the use flags (hardened, pic and pie) enough to build a Hardened
> Gentoo system and will the ebuilds adapt the FLAGS to those?

If you want selinux + hardened features, then use the selinux profile
and add +hardened +pic to your USE= flags; then

emerge gcc
emerge -e world

If you want to use 2.6 and not selinux then you need to link to the
correct sub profile.

$PORTDIR/profiles/hardened/x86/2.6/


--
Ned Ludd <[hidden email]>
Gentoo Linux

--
[hidden email] mailing list

Re: Hardened Kernel 2.4 / 2.6 and portage configuration

kang-2
In reply to this post by Mivz
Mivz wrote:

> When I use the hardened portage profile
> (/usr/portage/profiles/hardened/x86)
> I cannot merge a 2.6 kernel. It reports it is masked by profile.
> Then again, when I want to use SELinux it is advised to use a 2.6
> kernel.
> This is no problem with the SELinux profile.
> But when the SELinux distro is hardened, why can't I use a 2.6 kernel
> with the default hardened profile?
> Is 2.6 not secure enough? Is 2.6 only secure enough with SELinux
> enabled?
>
> What does the hardened/SELinux profile actually do, except for the
> CFLAGS, LDFLAGS and the package masks? Could I just use a normal
> profile and add the correct flags to my make.conf?
> Or are the use flags (hardened, pic and pie) enough to build a
> Hardened Gentoo system and will the ebuilds adapt the FLAGS to those?
>
> Mivz

To phrase it clearly, the default kernel with the hardened profile is 2.4, while
it's 2.6 with other profiles.
This is because the 2.4 kernel is usually considered more stable/secure
as it does not change a lot and has been reviewed a few times.

So you should just point your profile to 2.6
--
[hidden email] mailing list
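
Added example, not part of the original thread: a way to see which profile in the inheritance chain is responsible for a "masked by profile" message, and whether a sub profile such as hardened/x86/2.6 lifts it. It assumes only the standard profile layout ("parent" and "package.mask" files); the sample tree and the atom sys-kernel/example-sources are constructed for illustration and are not the real Gentoo masks.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes only the standard profile
# layout: a "parent" file lists ancestor profiles, one relative path per line,
# and "package.mask" lists masked atoms ("-atom" lifts an inherited mask).

# Print a profile directory and all of its ancestors, most specific first.
# The ( ) body runs in a subshell so recursion cannot clobber $dir.
profile_chain() (
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    printf '%s\n' "$dir"
    [ -f "$dir/parent" ] || return 0
    while IFS= read -r rel || [ -n "$rel" ]; do
        case $rel in ''|'#'*) continue ;; esac
        profile_chain "$dir/$rel" ||
            printf 'unresolved parent: %s\n' "$dir/$rel" >&2
    done < "$dir/parent"
)

# Print every non-comment package.mask line in the chain that mentions $2,
# prefixed with the file it came from.
profile_masks() {
    profile_chain "$1" | while IFS= read -r d; do
        [ -f "$d/package.mask" ] || continue
        grep -v '^[[:space:]]*#' "$d/package.mask" | grep -F -e "$2" |
            while IFS= read -r line; do
                printf '%s: %s\n' "$d/package.mask" "$line"
            done
    done
}

# Constructed sample tree (hypothetical atom, not the real Gentoo masks).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/base" "$t/hardened/x86/2.6"
    printf '../../base\n' > "$t/hardened/x86/parent"
    printf '..\n' > "$t/hardened/x86/2.6/parent"
    printf '# kernel default\n>=sys-kernel/example-sources-2.6\n' \
        > "$t/hardened/x86/package.mask"
    printf '%s\n' '->=sys-kernel/example-sources-2.6' \
        > "$t/hardened/x86/2.6/package.mask"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
echo "hardened/x86:";     profile_masks "$tree/hardened/x86" example-sources
echo "hardened/x86/2.6:"; profile_masks "$tree/hardened/x86/2.6" example-sources
rm -rf "$tree"
```

On a real system, pass the directory that /etc/make.profile points to and the package name you are trying to merge.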