Host system requirements

Robert Connolly robert at linuxfromscratch.org
Tue Jun 3 19:27:27 PDT 2008


To use Libcap2/fcaps we need linux-2.6.24 with the capabilities module loaded, 
and ext2/ext3/reiserfs filesystem, on the host system... if the /bin/passwd 
program is using capabilities, then the host needs linux-2.6.24 capabilities 
or we can't set the root password before rebooting. To use grsec rbac we need 
a grsec kernel... to set grsec rbac rules as packages are installed.

I would like to keep hlfs designed to be hardened on the first boot, and not 
designed to be set up with grsec rules after first boot.

This will screw using knoppix or the lfs-livecd as a host system, while having 
the side effect of forcing new users to have some advance knowledge of what 
they're getting into and how to set it up. The main disadvantage is that I 
don't know of any live-cd that meets these requirements, so installing on a 
brand new system would be impossible.

It's a catch22. Ideally you should trust the host system, and you can only 
really do that with an LFS host system. On the other hand, it's unfair to 
expect everyone with a brand new system to install LFS before HLFS.

Without distributing an hlfs-live-cd I don't see a way around this. Even if we 
find workarounds for these two issues (someone-elses livecd), it wouldn't 
account for future issues of the same nature.

robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20080603/7d3a3aca/attachment.sig>


More information about the hlfs-dev mailing list