Using Sabayon as hardened Gentoo. Is it possible?

[Ritana]

Hi guys,

I just would like to try the hardened gentoo profile and patch my kernel with PaX, if it's possible. (yes, I have a lots of time)
Unfortunately, when I tried it being guided by the official hardened gentoo documents my trial system crashed after the first reboot.
(it said a serious recursive error had been successfully fixed but reboot was needed... I've restarted my Sabayon a few times but the result still the same. At last, I re-installed it)

Or in the case of that it's impossible for some reason, is there another way to make my system so bullet proof as the way PaX kernel patching promise?

Oh, yes . And I still have an important question yet: is it true that Linus was forced to develop SELinux to (well, how can I say...) quite enough "NSA-compatible" ?

[sabayonino]

Sorry . I'd never run gentoo-hardened

but :

Oh, yes . And I still have an important question yet: is it true that Linus was forced to develop SELinux to (well, how can I say...) quite enough "NSA-compatible" ?

http://www.linuxnewstoday.org/linux-new ... news.shtml

[Ritana]

Thank you so much, that's link contained a lot of important information for me

Anyway, it turned out the system fault I mentioned before was independent from using eselect profile . (3.10 kernel used to have some bug)

So my next question is that can I change my gentoo-profile safely in Sabayon Linux too ? I don't want to take my system to ruin again by experimenting.

[sabayonino]

Thank you so much, that's link contained a lot of important information for me

Anyway, it turned out the system fault I mentioned before was independent from using eselect profile . (3.10 kernel used to have some bug)

So my next question is that can I change my gentoo-profile safely in Sabayon Linux too ? I don't want to take my system to ruin again by experimenting.

eselect-profile set some local useflags but it works properly with portage and you must recompile with the new useflags

Code: Select all

# eselect profile set <n_profile>

and then recompile your system (see links below)

please consider to run portage instead entropy for this

sabayon's profile is set to build binary packages.

...at your own risk



[edit] see hardened-gentoo intro/wiki
http://www.gentoo.org/proj/en/hardened/primer.xml
https://wiki.gentoo.org/wiki/Hardened_Gentoo/en


[edit-2] I suggets to build gentoo from scratch

[Ritana]

Thank you!

Yes, I've tried to "enchant" my Sabi being guided these instructions, but the vital step (ie re-emerging gcc and bin-utils) has always failed. :-/

I've learnt that yet I can't handle Sabayon as a native Gentoo Linux but this is understandable. Perhaps, the last step of using hardened profile is a @world updating in Gentoo. But as far as I know this is surest way to kill your Sabayon using one command only

So I'm not sure I will be ever able to take advantage of the PaX and PIE patching.
Seemingly it requires hacking my system in a very sophisticated way and not in my level. :-/