ugh they are the ones you may catch.
>
> p.s. There really should be a central linux kernel security problem
> site as the work of necessarily good people seems duplicated at the
> moment?
>
Gentoo is not the only system with lots of daily updates. I used to use
tripwire on RedHat boxes years ago and it was tedious sifting through
the file changes. To construct good rules about what triggered an
alert just shifted the tedium.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
.net/ubuntu/+source/udisks/+bug/880965";
> set as won't fix and also e.g. apt-get expecting /tmp exec.
How would you handle /etc/ ? You can't separate it from / which needs
to be exec and yet /etc/ needs to be writeable.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
ram. You get a fully featured Gnome desktop so it's
pretty ram intensive. It requires 4GB.
http://opensource.dyc.edu/tinhat
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
re dependant that it probably has other
issues too :(
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
an relax
the sysfs restrictions, if possible. Otherwise I'll relax this on the
WORKSTATION profile.
The randkstack <-> glibc is of concern. If you can open a bug for it
(or at least pass on your kernel config) I'll try to reproduce and help
to get pageexec the details he needs.
t for cross compiling. You should be able to
propagate these stage4's by just updating them in place.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
team.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
get something
like PaX off the ground. My own approach is to keep pressure on
upstream to change their coding practice. It seems like the only
practical approach for the near future.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 870
one set of
problems with another. If anyone has time to test, let me know if you
encounter any issues.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
ed #1
Call Trace:
I believe pipacs has fixed this. Please everyone, retest
hardened-sources-2.6.32-r89.ebuild
hardened-sources-3.2.2-r1.ebuild
I just added them to the tree. I'll rapid stabilize these in about 24
hours if no one has any issues.
--
Anthony G. Basile,
on that, just to eliminate some possibilities. I
didn't change anything in its default setup, except to set
MAKEOPTS="-j5". No joy, it doesn't build anyway. Any clues as to what I
have to do to make it build?
If you tried gcc-4.5.3-r1 and hit a bus error then try gc
bmit a full bug report,
https://bugs.gentoo.org/show_bug.cgi?id=396059
Two things to note here:
1) internal compiler error: Bus error
2) Please submit a full bug report,
The second isn't chastisement, gentoo's bugzilla is a wealth of knowledge.
--
Anthony G. Basile, Ph. D.
Chair
ystem.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
ays 'some error happens, see logs' and does nothing. And
its logs are huge and I can't find the actual error message.
Does anyone have a working vmware/virtualbox on hardened amd64?
Please open a bug
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
G
olate the problem? As I
said it seems to be gone in later kernels.
our hardened-sources-3.2.2-r1 = grsecurity-2.2.2-3.2.2-201201272014
the 3.2.7 which I will put up in a bit is the very latest which came out
today.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville
organized in a way that makes it convenient for devs to
know what needs to be done next. When my bugs get into the dozens,
there's no way I can fish through emails to find stuff.
http://www.gentoo.org/doc/en/bugzilla-howto.xml
--
Anthony G. Basile, Ph. D.
Chair of Information Techno
On 03/01/2012 04:26 PM, "Tóth Attila" wrote:
Which version of gradm ought to be compatible with hardened-sources-3.2.7?
h.s-3.2.7 needs gradm-2.9* Upstream just jumped to grsec 2.9 so I'm not
surprised that there may be bugs.
Can you please open a bug and I'll cc upstream on it. Include
ned and it's probably leftover cruft
from days gone by.
Any reason not to, else it's gone.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
On 04/21/2012 07:05 AM, Anthony G. Basile wrote:
Hi everyone,
I'd like to remove USE="-unicode" from make.defaults at the root level
of all hardened profiles. The request came from jmbsvicetto because he
required it for the hardened stages to build, but to be honest, I don't
(after
some more testing).
Wkr,
Sven Vermeulen
Why are you trying to avoid a global variable? I'd think that's less of
a QA issue than a trigger file.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
hat might affect how your binaries are getting built.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
as introduced to distinguish the above from USE="hardened"
which only refers to the toolchain, and the goodies it brings along.
Having said that, it's clearly better to disable JIT and not pax mark
than vice versa. We have jit disabled by default in the hardened profiles.
--
Anthony
hardening features off. Pay attention to GRKERNSEC_IO,
PAX_PAGEEXEC, PAX_KERNEXEC, PAX_MEMORY_UDEREF.
Make sure it's not a toolchain issue. It is not if you keep everything
the same and just boot one kernel and it works, the other and it doesn't.
I don't have this card so it would be difficu
es, eg selinux or the new pax markings, you
must have xattr.
I don't think this answers your question but it does give you more context.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
On 05/20/2012 08:06 PM, Maxim Kammerer wrote:
On Mon, May 21, 2012 at 1:46 AM, Anthony G. Basile
wrote:
Okay this is where I have to redirect you because I'm not aware of this
particular issue, ie why consolekit needs tmpfs posix acls.
If I am not mistaken, ConsoleKit uses ACLs to gran
sually within a day or two.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
that it is false.
:p
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
ps
radeon compiled with llvm needs some fancy pax markings, but also works
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
On 06/08/2012 12:34 PM, Javier Juan Martínez Cabezón wrote:
On 08/06/12 17:35, Anthony G. Basile wrote:
Only critical bug is broken VMware/VirtualBox on amd64+hardened.
This one is a moving target. Sometimes broken, times fixed. kvm is
working very well of late.
Uh!, even with kernexec
rsbac was supported in gentoo and maintained by Kang.
I'm supporting it again.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
nted to bring some
light to the whole hardened + virtualization world, but I didn't get
very far with xen and kvm worked so much better.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
urces/hardened-patches/
I'm just not going to make it easy for you :P
Comments?
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
ou like to
ipv6 in your /etc/make.conf. In about 24 hours I will turn on by
default ipv6 on all hardened profiles.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
eo codecs still suck on the i686 image.
Home page: http://opensource.dyc.edu/tinhat
Downloads: http://opensource.dyc.edu/tinhat-downloads
Changelog: http://opensource.dyc.edu/tinhat-changelog
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
v6, and provide
minimum recommended configuration for IPv6 routing/firewall? I think
enabling IPv6 by default should begin from writing such docs.
Please opt out. USE="-ipv6" in /etc/make.conf
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
6 only env need
USE="ipv6" by default. Please opt out with USE="-ipv6" if you don't
want it.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
On 06/28/2012 07:19 AM, Ed W wrote:
Let's switch ipv6 on by default
Cheers
Ed W
Thanks for your understanding Ed.
ipv6 is now on by default on all hardened profiles.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709
articular: a)
the granularity of the virt options and 2) the ability to start with
some baseline Automatic config and then tweak. However, give me
feedback because we need to make them work for our users.
Enjoy!
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen.
On 07/01/2012 04:04 PM, Anthony G. Basile wrote:
Hi everyone,
2. I've tried to keep the Gentoo GIDs where possible. There is one bug
that I've noticed, which I'm passing to upstream. Toggling "Invert GID
option" under TPE does not toggle between our trusted (GID=1
still breakage, 3) not so bad, 4) fixed. I try to catch it at #4 before
they start the cycle all over again.
Hope this helps to explain my release policy.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
kernel. I have PAX_SIZE_OVERFLOW off. I didn't even try
turning it on since it's still very experimental.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
about 240 packages were updated. The toolchain was updated to
hardened gcc-4.5.4, glibc-2.15-r2 and binutils-2.22-r1. The kernel was
updated to hardened-sources-3.2.30.
Home page: http://opensource.dyc.edu/tinhat
Downloads: http://opensource.dyc.edu/tinhat-downloads
--
Anthony G. Basile, Ph. D.
. I'm working on i686 now so you may want
to wait on those. Any stage marked on or later than oct 25 should be good.
Note: the vanilla is just hardened with USE="-hardened" set in
make.conf. They are being built as a comparison to the hardened.
--
Anthony G. Basile, Ph.D.
17 AM, Anthony G. Basile wrote:
Hi everyone,
Either today or tomorrow, there will be two new experimental hardened
profiles, one on amd64 and the other x86. These will be:
hardened/linux/uclibc/amd64
and
hardened/linux/uclibc/x86
Please be careful with them! Do not try to switch to these pro
?
Thanks for all.
When last I tried to apply the pax patches on top of rsbac, they did not
go. People kept saying they did, but they did not without hacking. If
you want to provide me with an rsbac patchset and pax patchset that are
compat I will try again.
--
Anthony G. Basile, Ph.D.
Gentoo
e, man emerge and man make.conf and you should be good to
go. The handbook is at
http://www.gentoo.org/doc/en/handbook/
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
ns to gentoo-hardened@ there are
other people that are interested.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
On 12/13/2012 05:05 PM, Maxim Kammerer wrote:
On Thu, Dec 13, 2012 at 11:31 PM, Anthony G. Basile wrote:
On 12/13/2012 11:46 AM, Brian S. Stephan wrote:
It just sets the PHYSICAL_START and PHYSICAL_ALIGN ranges back to their
original values. I have been running with that patch for a month now
runtime use...
Thanks for your work on this!
Pay me in beer or patches :)
Ed W
On 02/11/2012 11:24, Anthony G. Basile wrote:
Hi everyone,
Can I get feedback regarding the subproject page at
http://www.gentoo.org/proj/en/hardened/uclibc/
before I link it up and announce it to the re
e. It's in the elfix repository but
I'm working on it to add another option -d which will remove all
XATTR_PAX markings from the system so one can un-migrate. By the end of
the day that may already be in there :)
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-
hedges against escalation.
There is no danger of escalation when it comes to processes that belong
to a low privileged user.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
he information go away...
I don't think it should go away, just have a quickstart and a deepdive.
http://www.youtube.com/watch?v=IoY0Qa0zU0A
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
Can people please comment on the PT_PAX to XATTR_PAX migration guide
before I put it up on line
http://dev.gentoo.org/~blueness/zzz/pax-migrate-xattr.xml
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE
On 01/03/2013 10:31 PM, Michael Orlitzky wrote:
On 01/03/2013 08:45 PM, Anthony G. Basile wrote:
Can people please comment on the PT_PAX to XATTR_PAX migration guide
before I put it up on line
http://dev.gentoo.org/~blueness/zzz/pax-migrate-xattr.xml
Everything looks good to me except the
On 01/04/2013 12:44 PM, viv...@gmail.com wrote:
On 04/01/2013 16:51, Michael Orlitzky wrote:
On 01/04/2013 07:11 AM, Anthony G. Basile wrote:
You also mention adding the overlay and "make sure you set up your
repos.conf." I'm just not sure what you mean there, I've n
On 01/04/2013 08:24 PM, PaX Team wrote:
On 22 Dec 2012 at 12:13, Anthony G. Basile wrote:
http://dev.gentoo.org/~blueness/zzz/pax-quickstart.xml
It describes pretty much anything. Give it a read and let me know what
you think should be added.
some notes:
Note that if you enable both
0 00 00
00 49 8b 95 98 00 00 00 48 85 d2 0f 84 85 00 00 00 48 8b 42 18<48> 8b
48 30 48 8b 82 c8 00 00 00 f0 48 ff 42 30 71 07 f0 48 ff
RIP [] dup_mm+0x261/0x4c0
RSP
CR2: 0030
---[ end trace 969655b532a2156e ]---
[1] https://bugs.gentoo.org/show_bug.cgi?id=448906
't
eselect them, but a user could manually create those links.
If no one is using them, I'll mark them deprecated, and dump them in a
month or two.
Comments?
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
ose deprecation was started by Gordon (gengor) and ended
by me. I kept these sub-profiles around because they were there in the
old set when I migrated. But over time I began to realize their
uselessness. Time to clean shop.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'
On 01/28/2013 04:28 PM, Anthony G. Basile wrote:
On 01/28/2013 03:17 PM, "Tóth Attila" wrote:
I'm using [20] hardened/linux/amd64/no-multilib.
If it will be discontinued, please let us know about the proper
replacement profile.
Regards:
Dw.
To be clear, all the profiles th
On 02/07/2013 06:08 PM, "Tóth Attila" wrote:
It turns out, that java-vm-2.eclass will call pax-mark with -Cm flags on
https://bugs.gentoo.org/show_bug.cgi?id=445948
I'm on it.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
If you did the work upload the patch!
On 02/08/2013 01:07 AM, "Tóth Attila" wrote:
Before reading the bug I modified the eclass exactly the same way how it
has been mentioned. And it solves the problem apart from the ongoing
discussion in the bug's thread.
--
Anthony G. Basil
way around this. We will put up with it for
about six months and then hardened/linux will inherit 13.0 and
hardened/linux/13.0 will go bye-bye. We may have to move faster if 10.0
and 13.0 start to diverge too quickly.
Enjoy!
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
utils-2.22-r1 and the hardened kernel to hardened-sources-3.7.5-r1.
In all, about 400 packages were updated.
Thanks to all the hardened-dev people.
Home page: http://opensource.dyc.edu/tinhat
Downloads: http://opensource.dyc.edu/tinhat-downloads
--
Anthony G. Basile, Ph. D.
Chair of Inform
hould be
transparent to the users, so no other announcement (eg news item) is
needed. Comments before I push that out?
--Tony
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
Gnu
On 03/23/2013 10:52 AM, Matthew Summers wrote:
On Sat, Mar 23, 2013 at 9:44 AM, Anthony G. Basile wrote:
Hi everyone,
Currently the hardened profiles are inheriting from the older 10.0 profiles.
We held back to make sure things would work and even created a test profile
profiles/hardened
12707
Thanks for bringing that to my attention. Looks like 3.8.3 was not a
good choice. Let me see if I can back port the fix or stabilize the
next bump.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
That's not what's happening there. No XATTR_PAX flags implies the
default markings which is "-e---". This is so we don't have to go
around creating xattrs on every ELF binary on your system just to get
the default. Upstream wanted it that way and it does make sense.
On 05/29/2013 02:31 AM, "Tóth Attila" wrote:
On Wed, May 29, 2013 at 03:29, Anthony G. Basile wrote:
On 05/28/2013 07:46 PM, "Tóth Attila" wrote:
If PT_PAX has E, python2.7 would not start on my system.
Let's correct that:
paxctl-ng -e /usr/bin/python2.
On 05/29/2013 07:55 PM, PaX Team wrote:
On 28 May 2013 at 21:29, Anthony G. Basile wrote:
Unfortunately it is very difficult to find everything that links against
everything on a system. First there's just a simple logistic problem,
going through all ELF on a system and running ld
On 05/30/2013 11:45 AM, Magnus Granberg wrote:
On Thursday, 30 May 2013 at 11:13:45, Anthony G. Basile wrote:
migrate-pax also will copy PT_PAX to XATTR_PAX flags identically with
one exception, if PT_PAX = "-e---" then no user.pax.flags xattr is
created. I am always thinking in terms
too, add to that
stage3-armv7a-softfloat-uclibc-hardened
stage3-armv7a-softfloat-uclibc-vanilla
--Tony
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA
toolchain hardening
Note: softfp != soft. man 1 gcc for the difference.
Please test and let me know. I've been updating on roughly a monthly basis.
FYI: I do not plan to build < armv7a.
--Tony
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
Gnu
;, PAX_XATTR_PAX_FLAGS=y
in my kernel, PAX_MARKINGS="PT XT" in my make.conf and I am using
>=portage-2.1.12.9. So far everything works. Markings get where they
are supposed to go and all the usual problematic packages work.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
On 07/08/2013 09:09 AM, Alex Efros wrote:
Hi!
On Mon, Jul 08, 2013 at 09:03:43AM -0400, Anthony G. Basile wrote:
In your make.conf set PAX_MARKINGS="PT" in the former case or
PAX_MARKINGS="XT". It is safe to set both: PAX_MARKINGS="PT XT"
What is default if i
ting for the project.
Thanks!
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA
ns are of each. Someone could start there with the wiki.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
y and then figure out how to get portage (or other gentoo
tools) to automate what you did manually.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
" !
Anyway yes, the suggestion of Anthony G. is a good start, I am maybe too
optimistic regarding SMACK, but it does not seem that complicated.
____________
From: Anthony G. Basile
To: gentoo-hardened@lists.gentoo.org
Sent: Wednesday, 4 September 2013
hrown for non hardened
users which annoyed them. So we dropped to just PT.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
On 09/09/2013 01:56 PM, Michael Orlitzky wrote:
On 09/09/2013 01:47 PM, Anthony G. Basile wrote:
That was my mistake. When I dropped XT I forgot to update the comment.
We tried XT right off the bat, but discovered a couple of problems: 1)
install doesn't preserve xattr. we have a sol
On 09/09/2013 07:45 PM, Michael Orlitzky wrote:
On 09/09/2013 05:26 PM, Anthony G. Basile wrote:
You can use XT_PAX provided you're not running something like a
tinderbox, ie doing massive amounts of ebuilds. The problem is that
install is being wrapped by install.py. As a result
On 09/09/2013 06:06 PM, Alex Efros wrote:
Hi!
On Mon, Sep 09, 2013 at 05:26:57PM -0400, Anthony G. Basile wrote:
install is being wrapped by install.py. As a result every instance of
install means invoking the python interpreter. With lots and lots of
installs, this adds up to being very slow
On 09/10/2013 09:08 AM, Sven Vermeulen wrote:
On Sep 10, 2013 3:03 PM, "Michael Orlitzky" wrote:
On 09/10/2013 07:44 AM, Anthony G. Basile wrote:
On 09/09/2013 07:45 PM, Michael Orlitzky wrote:
On 09/09/2013 05:26 PM, Anthony G. Basile wrote:
You can use XT_PAX provided you'
On 09/10/2013 08:52 AM, "Tóth Attila" wrote:
On Tue, September 10, 2013 at 13:50, Anthony G. Basile wrote:
On 09/09/2013 06:06 PM, Alex Efros wrote:
Hi!
On Mon, Sep 09, 2013 at 05:26:57PM -0400, Anthony G. Basile wrote:
install is being wrapped by install.py. As a re
On 09/10/2013 10:03 AM, Sven Vermeulen wrote:
On Sep 10, 2013 3:59 PM, "Anthony G. Basile"
wrote:
If the project developers don't mind end user changes the documents can
be
moved to the general location (like we did with many SELinux related
documents).
You can always pu
On 09/10/2013 10:40 AM, "Tóth Attila" wrote:
On Tue, September 10, 2013 at 16:00, Anthony G. Basile wrote:
On 09/10/2013 08:52 AM, "Tóth Attila" wrote:
On Tue, September 10, 2013 at 13:50, Anthony G. Basile wrote:
On 09/09/2013 06:06 PM, Alex Efros wrote:
re's
something wrong with the pypax python module. Can you test using
pypaxctl to set some pax flags on a non-critical elf binary and see if
it works.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
On 10/04/2013 12:23 AM, Alex Efros wrote:
Hi!
On Mon, Sep 09, 2013 at 05:26:57PM -0400, Anthony G. Basile wrote:
You can use XT_PAX provided you're not running something like a
tinderbox, ie doing massive amounts of ebuilds. The problem is that
install is being wrapped by install.py.
e ebuild to fail just because
pax-mark fails. People on vanilla profiles without xattr support will
be annoyed.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
On 10/19/2013 08:56 PM, Michael Orlitzky wrote:
On 10/19/2013 08:29 PM, Anthony G. Basile wrote:
Can you check to see if the || die is required only on packages before
EAPI = 5? Or is it on all EAPI versions?
It's required anywhere you want the ebuild to die when pax-mark fails.
AFAIK
hich is written in python and slow as hell.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
urce tree
kernel module being built and requiring a patch, eg constification, then
some other solution needs to be found.
What ebuilds are we talking about here that fit the latter category?
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG
just not
the implementation we had which was broken.
--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA
On 10/22/2013 02:06 PM, Anthony G. Basile wrote:
On 10/22/2013 01:09 PM, Rick "Zero_Chaos" Farina wrote:
4.0 Selinux
5.0 System Integrity
6.0 Profile
I'd like to specifically discuss bringing back the desktop profile by
user request.
The old desktop/server/developer profiles w
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
On 10/22/2013 07:52 PM, Rick "Zero_Chaos" Farina wrote:
On 10/22/2013 02:15 PM, Anthony G. Basile wrote:
On 10/22/2013 02:06 PM, Anthony G. Basile wrote:
On 10/22/2013 01:09 PM, Rick "Zero_Chaos" Farina wrote:
4.0 Selinux 5.0
On 10/22/2013 07:49 PM, Rick "Zero_Chaos" Farina wrote:
On 10/22/2013 01:56 PM, Anthony G. Basile wrote:
On 10/22/2013 01:09 PM, Rick "Zero_Chaos" Farina wrote:
On 10/21/2013 03:00
ug pipacs about this.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
hing that report upstream.
--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197