On 01/16/2014 06:43 PM, James wrote: > Ok, so I have a fresh install on a stable AMD system. > I have decided to go the full hardened/selinux route. > I found this guide to convert this newly installed system: > > http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml?part=2&chap=1 > > So the current version of python selected is 3.3. This guide > mandates Python 2.7. However after do this there is no > requirement to run 'python-updater' ? Should I recompile > everything after this step, before completing the rest of the > guide's steps.
It should be fine -- the system came with both versions so all of the software should be built for both already. > After the guides steps are completed, should I run a > emerge --update --newuse --deep @system @world You will want the PaX markings, so yes. To save yourself some future pain I would start out with the xattr-based markings: https://wiki.gentoo.org/wiki/Hardened/PaX_flag_migration_from_PT_PAX_to_XATTR_PAX I think all you need to do for a fresh install is set the correct kernel options and USE flags, then set PAX_MARKINGS="XT" in make.conf. After an `emerge -e world` you should get all of the markings.
