Matt Harrison wrote:
> Kerin Millar wrote:
>> 2008/10/13 Matt Harrison <[EMAIL PROTECTED]>:
>>> I'm still fiddling to get my firewall running smoothly on hardened/selinux
>>>
>>> I'm re-emerging various things but I'm seeing this:
>>>
>>> PIE hardening not applied, as your compiler doesn't default to PIE
>>>
>> You set the "hardened" USE flag, which is normally exported by the
>> standard hardened profile and, indeed, the equivalent sub-profiles in
>> the selinux namespace. This is appropriate when using - and building -
>> the hardened toolchain. In the case of glibc, it installs several
>> patches to aid in the generation of system-wide PIE binaries and
>> facilitates SSP handling. However, you are not actually using a
>> suitable instance of gcc with the correct specs activated, presumably
>> because you didn't begin with a hardened stage tarball - and toolchain
>
> Well I installed from the stage3-hardened 2008 tarball...then I
> recompiled most of it for selinux, all the time my profile was set to
> selinux-hardened.
>
>> - in the first instance (in turn, perhaps owing to the somewhat
>> irregular nature of the SELinux installation process in Gentoo). The
>> only supported compiler for this particular intent is gcc-3.4.6-r2 and
>> you may peruse and switch between the available specs using the
>> gcc-config tool.
>
> Maybe it's defaulting to using 4.x and that isn't hardened.

That's exactly what was happening, I've set my profile to 3.4.6-r2 and I'm not getting those messages any more. I'm going to emerge -e world tonight and see if that helps out some of the other problems I'm having.

Thanks Kerin

Matt
