diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/parent b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/parent
index 6fe462edfa..767f085901 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/parent
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/parent
@@ -1,4 +1,2 @@
 ..
-portage-stable:arch/amd64/no-multilib
-portage-stable:features/64bit-native
 :coreos/targets/generic
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/use.force b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/use.force
deleted file mode 100644
index 330bf8920a..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/use.force
+++ /dev/null
@@ -1,2 +0,0 @@
-# We don't do multilib.
--multilib
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/make.defaults
new file mode 100644
index 0000000000..8793dcad02
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/make.defaults
@@ -0,0 +1,5 @@
+# Disable PAX use flags, we don't use grsec kernels
+# Don't favor /dev/urandom over /dev/random, not sure why this flag
+# is enabled in hardened, the default profiles do not enable it.
+BOOTSTRAP_USE="${BOOTSTRAP_USE} -pax_kernel -xtpax"
+USE="-pax_kernel -urandom -xtpax"
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/package.use.force b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/package.use.force
new file mode 100644
index 0000000000..aafa196b0c
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/package.use.force
@@ -0,0 +1,2 @@
+# Do not force this flag, we don't need XATTR_PAX
+sys-apps/portage -xattr
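Review bot: In profiles/coreos/amd64/make.defaults the `-urandom` entry is justified only by "not sure why this flag is enabled in hardened", which leaves the next maintainer unable to tell whether turning it off is safe. Packages that honour the flag would presumably read /dev/random instead, and that can block when the entropy pool is low (early boot, freshly created VMs), so the comment should name the packages affected and the reason, e.g. `# -urandom: affects <packages>; blocking /dev/random reads are acceptable because <reason>`. The `USE=` line is also written without `${USE}` while coreos/base/make.defaults in this same commit uses `USE="${USE} ..."`; if this relies on USE being stacked incrementally across profiles, a short comment saying so would prevent someone "fixing" it later.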
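Review bot: The comment on `sys-apps/portage -xattr` in profiles/coreos/amd64/package.use.force explains the change only in terms of XATTR_PAX, but Portage's `xattr` flag governs preservation of extended attributes in general when files are installed. Once the flag is no longer forced it can end up disabled, and then attributes other than the PaX markings (security labels or similar, if any package in the image carries them) would presumably not be preserved either. I would extend the comment to say which case applies, e.g. `# Un-forced only; xattr is still enabled via <where>` or `# No package in the image relies on xattrs being preserved at install time`.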
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/packages b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/packages
new file mode 100644
index 0000000000..511adccb20
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/packages
@@ -0,0 +1,3 @@
+# Disable PAX utilities, we don't use grsec kernels
+-*sys-apps/paxctl
+-*sys-apps/elfix
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/parent b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/parent
index 09dff0fee8..e939d1587c 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/parent
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/parent
@@ -1,5 +1,2 @@
-portage-stable:base
-portage-stable:default/linux
-portage-stable:arch/amd64
-portage-stable:releases/10.0
+portage-stable:hardened/linux/amd64/no-multilib
 :coreos/base
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
index 623d494da7..7c7f8c84d3 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults
@@ -10,7 +10,7 @@ USE_EXPAND="${USE_EXPAND} BOARD_USE CROS_WORKON_TREE TESTS U_BOOT_CONFIG_USE U_B
 USE_EXPAND_HIDDEN="${USE_EXPAND_HIDDEN} CROS_WORKON_TREE"
 # Extra use flags for CoreOS SDK
-USE="${USE} hardened cros_host pic pie expat -introspection -cups -tcpd -pcre -berkdb"
+USE="${USE} cros_host pic pie expat -introspection -cups -tcpd -pcre -berkdb"
 # Enable bindist for both SDK and targets
 USE="${USE} bindist"
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/parent b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/parent
index 5ec03dee4d..e00b432785 100644
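Review bot: Dropping `hardened` from the USE line in profiles/coreos/base/make.defaults makes the flag depend entirely on the parent chain, and only coreos/amd64/parent is switched to `portage-stable:hardened/linux/amd64/no-multilib` in this commit. Any other profile that inherits `:coreos/base` without a hardened parent (none is visible in this diff) would silently stop building with `hardened`. A comment above the line would record the dependency, e.g. `# 'hardened' now comes from the hardened parent profile; any profile inheriting coreos/base must provide it`. It is also worth confirming that the resolved USE for both the SDK and the board roots still contains `hardened` after this change.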
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/parent
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/parent
@@ -1 +1,2 @@
+portage-stable:targets/systemd
 :features/systemd
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use.mask
deleted file mode 100644
index 7de6ed2169..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use.mask
+++ /dev/null
@@ -1,5 +0,0 @@
-# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
-# Distributed under the terms of the GNU General Public License v2
-
-# Allow hardened glibc on the target.
-sys-libs/glibc -hardened