Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] Profile for hardened with systemd
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
olger901
l33t
l33t


Joined: 17 Mar 2005
Posts: 625

PostPosted: Mon Apr 04, 2016 5:32 pm    Post subject: [SOLVED] Profile for hardened with systemd Reply with quote

Hello all,

I recently wanted to install Gentoo on my new server, but I noticed there was no profile in the portage for a hardened system with systemd. Which profile should I use if I want to use a hardened profile with systemd? Should I use the hardened profile or the regular systemd profile? If so, which settings should I be using if I use the systemd profile as base to make it hardened or what settings should I be using if I use the hardened profile to make use of systemd (just the systemd USE flag and a few minor modifications)? Is the hardened profile even supported with systemd?


Last edited by olger901 on Mon Apr 04, 2016 8:28 pm; edited 1 time in total
Back to top
View user's profile Send private message
Tatsh
Apprentice
Apprentice


Joined: 22 Jul 2007
Posts: 179

PostPosted: Mon Apr 04, 2016 6:48 pm    Post subject: Reply with quote

I use the hardened/linux/amd64/no-multilib profile with systemd. Currently on kernel 4.3.3 soon to upgrade to 4.4.2.

The only thing is getting the USE flags and kernel correct. My USE flags are a bit custom and I want to have a useful server for many things (video encoding, etc) but avoid installing GUI stuff at all costs.

Code:
USE="-berkdb -debug -cdda -cdr -encode -firefox -fortran -gtk -gnome -handbook -ios -ipod -ldap -mng -nas -oss -pulseaudio -sdl -startup-notification -vhosts -xml -xscreensaver -webkit -qt -X bash-completion cjk crypt gif gpm idn jemalloc jpeg nls png ssl svg syslog systemd tiff vim-syntax -libav ffmpeg"

# And if you use Dracut
DRACUT_MODULES="crypt crypt-gpg crypt-loop dmraid gensplash lvm ssh-client systemd"


I do not recommend trying to use your own non-systemd initramfs. Use Dracut to create a correct systemd one. Don't forget to update your initramfs when you update systemd.

The systemd ebuild will complain if you are missing kernel options, so just watch out for that (meanwhile on gentoo-sources it's one option to pick).

Follow the guide otherwise: https://wiki.gentoo.org/wiki/Systemd#Installation
Back to top
View user's profile Send private message
olger901
l33t
l33t


Joined: 17 Mar 2005
Posts: 625

PostPosted: Mon Apr 04, 2016 8:27 pm    Post subject: Reply with quote

I've read that genkernel-next should work too (for building a systemd compatible initrd). So I think I'll make use of that in combination with EFIStub for booting and mdraid (Linux software RAID) for my RAID-1 set-up. Thank you for your help so far, I'll give it a go :)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum