Gentoo Forums
Can I have two different profiles on my machine?[SOLVED]
Budoka
l33t
Joined: 03 Jun 2012
Posts: 687
Location: Tokyo, Japan

Posted: Mon Jun 16, 2014 6:34 am    Post subject: Can I have two different profiles on my machine?[SOLVED]

I am currently using gentoo-sources for my kernel but am interested in trying the hardened sources. Is it possible to have multiple profiles/kernels? For example, when grub boots up, choose to boot into my regular kernel or a hardened kernel. I looked at the eselect stuff but it looks like you can only choose one profile.

Last edited by Budoka on Sat Jun 21, 2014 11:59 am; edited 3 times in total
VinzC
Watchman
Joined: 17 Apr 2004
Posts: 5004
Location: Dark side of the mood

Posted: Mon Jun 16, 2014 7:30 am

Hi. If by "profile" you mean "a different kernel source tree", then yes, you can have multiple kernel source trees. It's by definition what happens when you upgrade a kernel source tree: portage always downloads and installs kernel sources side-by-side, it never updates an already installed source tree. You will have to add the new kernel to the boot loader configuration (Grub might come with scripts to do that).

If you have out-of-tree kernel modules (e.g. nvidia drivers) be sure to re-emerge those packages as well after you compiled the new kernel. By the way eselect kernel allows you to select one kernel among those you installed and compiled. I guess from your post you currently have only one kernel installed, right?
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739!
Budoka
l33t
Joined: 03 Jun 2012
Posts: 687
Location: Tokyo, Japan

Posted: Wed Jun 18, 2014 2:54 am

VinzC wrote:
Hi. If by "profile" you mean "a different kernel source tree", then yes, you can have multiple kernel source trees. It's by definition what happens when you upgrade a kernel source tree: portage always downloads and installs kernel sources side-by-side, it never updates an already installed source tree. You will have to add the new kernel to the boot loader configuration (Grub might come with scripts to do that).

If you have out-of-tree kernel modules (e.g. nvidia drivers) be sure to re-emerge those packages as well after you compiled the new kernel. By the way eselect kernel allows you to select one kernel among those you installed and compiled. I guess from your post you currently have only one kernel installed, right?


That is exactly what I was asking. Thanks for the clarification. I was able to emerge the hardened kernel sources in addition to the gentoo-sources and they both come up in my eselect kernel list.

So now just to deal with modules and compiling issues. Grub2 has a script that will add the new kernel to my bootloader for me.

Thanks again.
VinzC
Watchman
Joined: 17 Apr 2004
Posts: 5004
Location: Dark side of the mood

Posted: Wed Jun 18, 2014 8:47 am

Budoka wrote:
Thanks again.

You're welcome :) .
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739!
Budoka
l33t
Joined: 03 Jun 2012
Posts: 687
Location: Tokyo, Japan

Posted: Sat Jun 21, 2014 7:06 am

So I have run into a snag.

I was able to successfully emerge a different kernel source tree, eselect it, compile, add it to my grub menu and boot into it.

However when I eselect the new profile, in this case hardened, and do a world update it bombs out on a bunch of conflicts. Something like 167 of them. Is this normal and I just have to solve each one individually? If I revert back to the "desktop" profile world update works as normal.

I can give a pastebin of the errors if you would like but it is long.

Thanks.
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 43195
Location: 56N 3W

Posted: Sat Jun 21, 2014 10:14 am

Budoka,

When you install a hardened system, you are supposed to start with the hardened stage3.
I've never tried an update to hardened.

If you want a hardened install and a normal install side by side, they will need their own root filesystems.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
i92guboj
Bodhisattva
Joined: 30 Nov 2004
Posts: 10306
Location: Córdoba (Spain)

Posted: Sat Jun 21, 2014 10:30 am

There's one BIG misunderstanding here that needs clearing.

You can install as many kernels as you wish, that's no problem.

But a hardened profile in Gentoo is much more than just a kernel. A lot of packages will need to be recompiled, a lot of extra dependencies will need to be pulled, lots of others won't be able to be installed any longer, at least not easily, since they will be masked (and for good reason) in the hardened profile. You might need to downgrade a good bunch of them as well.

The kernel alone won't provide you with a hardened system.

On the other side, a regular kernel which is not hardened-capable won't even be able to work properly on a userland that's been prepared for hardened.

Your best bet is truly to make two separate installs.

As for migrating from regular to hardened, yes, it can be done (or it used to be possible, it's been long...). I've done it once merely for my own enjoyment, but don't expect it to be an easy trip.
_________________
Gentoo Handbook | My website
Budoka
l33t
Joined: 03 Jun 2012
Posts: 687
Location: Tokyo, Japan

Posted: Sat Jun 21, 2014 11:52 am

NeddySeagoon wrote:
Budoka,

When you install a hardened system, you are supposed to start with the hardened stage3.
I've never tried an update to hardened.

If you want a hardened install and a normal install side by side, they will need their own root filesystems.

Ah. OK. I understand. Thanks.
Budoka
l33t
Joined: 03 Jun 2012
Posts: 687
Location: Tokyo, Japan

Posted: Sat Jun 21, 2014 11:57 am

i92guboj wrote:
There's one BIG misunderstanding here that needs clearing.

You can install as many kernels as you wish, that's no problem.

But a hardened profile in Gentoo is much more than just a kernel. A lot of packages will need to be recompiled, a lot of extra dependencies will need to be pulled, lots of others won't be able to be installed any longer, at least not easily, since they will be masked (and for good reason) in the hardened profile. You might need to downgrade a good bunch of them as well.

The kernel alone won't provide you with a hardened system.

On the other side, a regular kernel which is not hardened-capable won't even be able to work properly on a userland that's been prepared for hardened.

Your best bet is truly to make two separate installs.

As for migrating from regular to hardened, yes, it can be done (or it used to be possible, it's been long...). I've done it once merely for my own enjoyment, but don't expect it to be an easy trip.


Thank you very much. That cleared things up for me. I was confused in terms of the symlink for the kernel and the profile select for the system. That plus Neddy's explanation about starting with a hardened stage3 for the hardened kernel helped. For the moment I will just leave it alone.

As a side note, can anyone give advice as to which kernel sources are best for a laptop? To date I have been using Gentoo-sources.
frank9999
n00b
Joined: 20 Feb 2013
Posts: 61
Location: Germany

Posted: Sat Jun 21, 2014 12:28 pm

You could install a hardened system with hardened stage3, but you could also "convert" your existing system.
I did this about 2 weeks ago.
I have "converted" my existing system from profile:
"default/linux/amd64/13.0/desktop/kde/systemd"
to "hardened/linux/amd64 *".

This was a lot easier than expected.

I changed profile via eselect, added all needed useflags from old profile.
Then "emerge -1 glibc gcc binutils" to rebuild the most important tools.
Then checked with "emerge -pv --update --deep --newuse world" which other changes need to be done.
In ~4 or 5 cases I had to adjust the package.use and/or package.accept_keywords files.
Also added "-tools" and "-X" to /etc/portage/profile/use.mask.
Also I disabled "pax_kernel" Useflag for Nvidia and Virtualbox module.
Then "emerge -e system --keep-going" && "emerge -e world --keep-going"
Only one(!) package failed with the new "hardened" gcc for me: app-emulation/virtualbox-4.3.12
But with "x86_64-pc-linux-gnu-4.7.3-vanilla" compile was Ok.

After reboot everything worked with the old gentoo-sources kernel and even with Nvidia driver.
Also Kernel Update with Gentoo Sources works with this combination. I still have no working hardened sources kernel installed.
So hardened userland and no-hardened Kernel works.
I am using this on my laptop on a daily basis.


emerge --info
Portage 2.2.8-r1 (hardened/linux/amd64, gcc-4.7.3, glibc-2.17, 3.14.8-gentoo x86_64)
=================================================================
System uname: Linux-3.14.8-gentoo-x86_64-Intel-R-_Core-TM-_i7-2630QM_CPU_@_2.00GHz-with-gentoo-2.2

hardening-check vlc
vlc:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes


emerge -pv nvidia-drivers
[ebuild R ~] x11-drivers/nvidia-drivers-340.17 USE="X acpi multilib tools uvm -pax_kernel" 0 kB

I have about 1.500 packages installed, with KDE 4.13.2, systemd and many media apps, Steam from Overlay, etc.
If I have some more time I am switching then to hardened-sources.
The funny thing, some packages now need less time to emerge... I do not know why...

The clean way is really to start with a fresh stage3 install, but it just works also by "converting".
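The hardening-check output in frank9999's post lists properties of the compiled binary itself, which is why they are present while a non-hardened kernel is running. The following is an added example, not part of any post in this thread and not hardening-check's own code: a Python parser that reads three of those properties (Position Independent Executable, Read-only relocations, Immediate binding) from ELF64 little-endian headers. The function names and the sample images produced by build_sample are constructed for illustration.

```python
import struct

ET_EXEC, ET_DYN, PT_DYNAMIC, PT_GNU_RELRO = 2, 3, 2, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def elf_hardening(data: bytes) -> dict:
    """Report PIE, RELRO and immediate binding for a 64-bit little-endian ELF."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF image")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    relro = bind_now = False
    for i in range(e_phnum):
        ph = e_phoff + i * e_phentsize
        p_type, _p_flags, p_offset = struct.unpack_from("<IIQ", data, ph)
        p_filesz = struct.unpack_from("<Q", data, ph + 32)[0]
        if p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            # Walk the 16-byte (d_tag, d_val) entries until DT_NULL.
            for pos in range(p_offset, p_offset + p_filesz - 15, 16):
                tag, val = struct.unpack_from("<qQ", data, pos)
                if tag == DT_NULL:
                    break
                bind_now |= (tag == DT_BIND_NOW
                             or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
                             or (tag == DT_FLAGS_1 and bool(val & DF_1_NOW)))
    # ET_DYN is also the type of shared libraries; "pie" applies to executables.
    return {"pie": e_type == ET_DYN, "relro": relro, "bind_now": bind_now}


def build_sample(e_type: int, relro: bool, dt_flags: int) -> bytes:
    """Constructed minimal ELF64 image (headers + dynamic section only)."""
    p_types = [PT_DYNAMIC] + ([PT_GNU_RELRO] if relro else [])
    dyn = struct.pack("<qQqQ", DT_FLAGS, dt_flags, DT_NULL, 0)
    dyn_off = 64 + 56 * len(p_types)
    image = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    for p_type in p_types:
        off, size = (dyn_off, len(dyn)) if p_type == PT_DYNAMIC else (0, 0)
        image += struct.pack("<IIQQQQQQ", p_type, 4, off, 0, 0, size, size, 8)
    return image + dyn


if __name__ == "__main__":
    print(elf_hardening(build_sample(ET_DYN, True, DF_BIND_NOW)))
```

To check a real file, pass `open(path, "rb").read()` to `elf_hardening`.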
nlsa8z6zoz7lyih3ap
Guru
Joined: 25 Sep 2007
Posts: 376
Location: Canada

Posted: Sat Jun 21, 2014 3:46 pm

Quote:
but it just works also by "converting".


I can confirm this as I did it a few days ago.
Steps:
(0) Back up your installation. (and undo prelink, if needed.)

(1) eselect appropriate hardened profile.

(2) emerge -uvDN @world --autounmask-write

(3) play around with use flags until step (2) succeeds. (Didn't take too much in my case, but someone else's experience might be much different.) Then emerge -vc .

(4) emerge -1v libtool; emerge -1v gcc

(5) use gcc-config to select the compiler you wish to use. (none of the vanilla, nopie etc choices)

(6) emerge -1v gcc;emerge -1v libtool

(7) emerge -ev @system;emerge -ev @world

(8) Configure and install a hardened kernel.




I know that this has already been covered, but I am posting just to show that someone else has done it too.

Added in edit:

Question: Does anyone know what security is gained, if any, if steps (1) through (7) are carried out, but one still uses a non-hardened kernel?