# Copyright 2006 Gentoo Foundation. # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/profiles/hardened/package.mask,v 1.11 2006/10/09 23:21:30 pebenito Exp $ # This file is additional masking for the hardened profile # Mask off gcc-4 for all hardened arches until SSP is sorted out (i.e. # backport for gcc-4.0 and 4.0/4.1 rigged for SSP support in the C # library). After that, may still need to be masked on x86 as some # PIC assembler that worked pre-4 fails post-4, e.g. bug #104966). # If you want to play with it, unmask in /etc/portage/package.unmask # but be prepared to rebuild anything you build with gcc-4, later. # 2006-01-11 kevquinn =sys-devel/gcc-4* # Mask off glibc-2.4 until the approach for SSP compatibilty is # resolved in a way that doesn't break running systems, and we # have a sensible upgrade path. Advise having a static busybox # around if you try it in a live system. # 2006-03-13 kevquinn =sys-libs/glibc-2.4* # And 2.5... # 2006-10-09 kevquinn =sys-libs/glibc-2.5* # These packages do more harm than good w/ hardened. # users must now the opensource xorg nv driver with nvidia cards. # By placing Driver "nv" in xorg.conf # 2006-06-29 solar x11-drivers/nvidia-drivers x11-drivers/nvidia-legacy-drivers media-video/nvidia-settings # Shouldn't be merging these SELinux packages on this profile # but this keeps repoman happy since they require >=glibc-2.4 # 20061009 pebenito >=sys-apps/policycoreutils-1.30.30 >=sec-policy/selinux-apache-20060101 >=sec-policy/selinux-arpwatch-20060101 >=sec-policy/selinux-asterisk-20060101 >=sec-policy/selinux-audio-entropyd-20060101 >=sec-policy/selinux-base-policy-20060101 >=sec-policy/selinux-bind-20060101 >=sec-policy/selinux-clamav-20060101 >=sec-policy/selinux-clockspeed-20060101 >=sec-policy/selinux-courier-imap-20060101 >=sec-policy/selinux-cyrus-sasl-20060101 >=sec-policy/selinux-daemontools-20060101 >=sec-policy/selinux-dante-20060101 >=sec-policy/selinux-dhcp-20060101 >=sec-policy/selinux-distcc-20060101 >=sec-policy/selinux-djbdns-20060101 >=sec-policy/selinux-ftpd-20060101 >=sec-policy/selinux-gnupg-20060101 >=sec-policy/selinux-gpm-20060101 >=sec-policy/selinux-ipsec-tools-20060101 >=sec-policy/selinux-jabber-server-20060101 >=sec-policy/selinux-kerberos-20060101 >=sec-policy/selinux-logrotate-20060101 >=sec-policy/selinux-lvm-20060101 >=sec-policy/selinux-mdadm-20060101 >=sec-policy/selinux-mysql-20060101 >=sec-policy/selinux-nfs-20060101 >=sec-policy/selinux-ntop-20060101 >=sec-policy/selinux-ntp-20060101 >=sec-policy/selinux-openldap-20060101 >=sec-policy/selinux-openvpn-20060101 >=sec-policy/selinux-portmap-20060101 >=sec-policy/selinux-postfix-20060101 >=sec-policy/selinux-postgresql-20060101 >=sec-policy/selinux-privoxy-20060101 >=sec-policy/selinux-procmail-20060101 >=sec-policy/selinux-publicfile-20060101 >=sec-policy/selinux-qmail-20060101 >=sec-policy/selinux-samba-20060101 >=sec-policy/selinux-screen-20060101 >=sec-policy/selinux-snmpd-20060101 >=sec-policy/selinux-snort-20060101 >=sec-policy/selinux-spamassassin-20060101 >=sec-policy/selinux-squid-20060101 >=sec-policy/selinux-stunnel-20060101 >=sec-policy/selinux-sudo-20060101 >=sec-policy/selinux-tftpd-20060101 >=sec-policy/selinux-ucspi-tcp-20060101 >=sec-policy/selinux-wireshark-20060101