Re: [vserver] Hardened Gentoo, VServer and dietlibc woes

From: Ed W <lists_at_wildgooses.com>
Date: Mon 11 Aug 2014 - 17:35:04 BST
Message-ID: <53E8F0B8.8090700@wildgooses.com>

Until a few minutes ago I had the older versions of util-vserver and
dietlibc that you referenced (several years old).

I just installed the current dietlibc-0.34 and util-vserver which pulls
it in on my grsec + hardened machine. Didn't notice any problems?

Note I always compile dietlibc with the vanilla compiler (not
hardened). Can't remember the details now, but either it fails to
compile or the libraries die. Just got used to compiling with vanilla...

My profile is slightly customised from hardened standard, but can't
think of any differences which might affect things?

Perhaps you just need to build dietlibc differently?

Good luck

Ed W

On 09/08/2014 22:46, Romain Riviere wrote:
> Hello crowd,
>
> I have just reinstalled my server with a brand new Gentoo system, and I
> was hoping to restore it to its previous state, give or take a few
> updates, meaning a host capable of running a vserver kernel and a few
> containers. Unfortunately, I could not emerge dietlibc > 0.33, nor any
> version of util-vserver.
>
> Building util-vserver fails with:
> src/secure-mount.o: In function `mountSingle':
> secure-mount.c:(.text+0x9fe): warning: warning: your code still has
> assertions enabled!
> /usr/diet/lib-i386/libc.a(assert_fail.o): In function `__assert_fail':
> (.text+0x19e): undefined reference to `stpcpy'
>
> which I'm told is "normal" since it depends on dietlibc 0.34-something.
>
> And building dietlibc gives me:
> /usr/lib/gcc/i686-pc-linux-gnu/4.7.3/../../../../i686-pc-linux-gnu/bin/ld:
> error in bin-i386/dyn_stop.o(.eh_frame); no .eh_frame_hdr table will be
> created.
> : -R .comment -R .note bin-i386/diet-i
>
> when using ebuild merge, or just a simple
>
> make: *** [bin-i386/elftrunc] Error 139
>
> when using emerge. It doesn't matter whether I'm using the 20140729
> snapshot or the git version.
>
> The odd thing is that I was once able to build
> util-vserver-0.30.216_pre3038 against dietlibc-0.33_pre20110403, but now
> I can't, for some reason that eludes me.
>
> From what I've read here and there, I gather that the hardened profile
> may be the issue here. So my main question is: if it is discouraged, why
> not make it clear in the ebuild that it won't work?
> The other question is, how was it once possible to build util-vserver
> against dietlibc < 0.34, and why can't it be done anymore?
>
> I am now about to rebuild my toolchain without the hardened profile and
> see if it helps (it should, since people have reported that they _can_
> build VServer related stuff).
>
> All the best
Received on Mon Aug 11 17:35:14 2014
