[gentoo-user] Re: Switching to a hardened profile and back again

2011-03-17 Thread Francesco Talamona
On Thursday 17 March 2011, Neil Bothwick wrote:
> cp /var/lib/portage/world /etc/portage/sets/my_world
> emerge @my_world

Neil, this is simply wonderful :)
Thanks
FT
-- 
Linux Version 2.6.38-gentoo, Compiled #1 SMP PREEMPT Wed Mar 16 20:03:24 
CET 2011
Two 1GHz AMD Athlon 64 Processors, 4GB RAM, 4019.38 Bogomips Total
aemaeth



Re: [gentoo-user] Re: Switching to a hardened profile and back again

2011-03-17 Thread klondike
Going to try to settle and clarify things once and for all.

You can switch back to non-hardened if needed. Make sure you have your
old non-hardened kernel as an option on your bootloader just in case, as
that will disable most hardening features (including PIE), so your
system will only have SSP as a source of possible trouble.

The steps on the FAQ have been agreed by the whole hardened team in
meetings, and there are reasons for them:
You need to emerge gcc and glibc on the first stage to make sure they
include any hardening needed, since they are patched (at least gcc is, and
glibc includes the SSP code).
You then need to emerge system for two reasons: first because if
something fails going back will be easier, then because some of the
system libraries and tools have hardening patches.
Finally you need to emerge the whole world to make sure all the packages
(even system ones) are built and linked with hardened features and
libraries.
In a similar way you can repeat the above steps again after going back
to your preferred non-hardened profile.
Also remember that any changes from hardened to non-hardened and vice versa
must be made on a non-hardened kernel.

Tip: generate binary packages for world before jumping to hardened as
that will make recovery easier in case the change fails and will speed
up going back a lot.

BTW: for those of you who haven't noticed, we added the --keep-going flag
to the system and world emerges so the system keeps trying to build if
any of the packages fails; in that case filing a bug would be a good idea.

Nothing more to say. If you need to run in softmode just follow the FAQ, but
then PaX will be mostly disabled, so it is an almost non-hardened kernel
in the meantime.



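The profile-switch order klondike lays out (binary packages of world first, then gcc and glibc, then system, then world, the last two with --keep-going, all done from a non-hardened kernel), scripted as an added example that is not part of the thread or of the hardened FAQ. It assumes a Portage install with quickpkg and eselect available and takes the target profile name as its argument; the check that the running kernel is not hardened is a heuristic on the uname release string, which is an assumption of this script, not something the thread specifies. With DRY_RUN=1 it only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the thread. Scripts the profile-switch order given
# above: binary packages of everything installed first, then gcc and glibc,
# then @system, then @world, the last two with --keep-going.
# Assumptions: Portage with quickpkg and eselect available, profile name in $1.
# The kernel check is a heuristic on the uname release string (assumed, not
# from the thread). Set DRY_RUN=1 to print the commands without running them.
set -eu

# Returns 0 when the kernel release string looks like a hardened-sources build.
kernel_looks_hardened() {
    case "$1" in
        *hardened*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the ordered commands for switching to (or back from) profile $1,
# one per line, so the plan can be reviewed before anything is rebuilt.
migration_plan() {
    profile="$1"
    cat <<EOF
quickpkg --include-config=y '*/*'
eselect profile set "$profile"
emerge --oneshot --verbose sys-devel/gcc sys-libs/glibc
emerge --emptytree --keep-going --verbose @system
emerge --emptytree --keep-going --verbose @world
EOF
}

# Run the plan for profile $1. $2 is the running kernel release (defaults to
# uname -r); the switch is refused on a kernel that looks hardened.
run_migration() {
    profile="$1"
    kernel="${2:-$(uname -r)}"
    if kernel_looks_hardened "$kernel"; then
        echo "refusing to switch profiles on a hardened kernel: $kernel" >&2
        return 1
    fi
    migration_plan "$profile" | while IFS= read -r cmd; do
        echo "+ $cmd"
        [ "${DRY_RUN:-0}" = 1 ] || sh -c "$cmd"
    done
}

# Only run when invoked as a script named hardened-migrate.sh; sourcing the
# file just defines the functions.
case "${0##*/}" in
    hardened-migrate.sh) run_migration "${1:?usage: hardened-migrate.sh <profile>}" ;;
esac
```

The quickpkg step is what makes the "generate binary packages for world before jumping" tip cheap to act on: if a later emerge fails, the packages under PKGDIR can be reinstalled with emerge --usepkgonly after switching the profile back.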