On Friday, 25 November 2016 11:38:21 UTC, raah...@gmail.com wrote: > can you just tell us the options so we can compile it ourselves? paste the > cfg or something.
https://wiki.gentoo.org/wiki/Hardened/FAQ#Do_I_need_to_pass_any_flags_to_LDFLAGS.2FCFLAGS_in_order_to_turn_on_hardened_building.3F Also: > Can I add -fstack-protector-all or -fstack-protector in the make.conf CFLAGS? > No, they will likely break the building of many packages, amongst others > glibc. in other words these options will break some packages - particularly glibc; ulibc is more flexible in that regards. There's also: https://wiki.gentoo.org/wiki/Hardened/Toolchain It's not as straightforward as you think. Perhaps you can build selected applications as statically linked with PIE, and place it in a grsec chroot instead - it would be a lot simpler. I'd really like to see Gentoo (hardened) support, that and OpenBSD. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/85a85993-5aaa-42a5-b627-3ff158fe456f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
