Currently we don't have support for hardened profiles – PaX/GrSecurity. While I made a hardened support after FL-221 got fixed, is not documented not supported.

The steps to get a hardened working system currently consists on:

1. Add "gentoo:hardened/linux/amd64" to /etc/portage/make.profile/parent by hand
2. Rebuild GCC: emerge gcc && env-update && source /etc/profile
3. Rebuild glibc: emerge glibc
4. Rebuild your environment: emerge -e world
5. Build a hardened-sources kernel with GrSecurity enabled.

I got some kernel panics with these options:

• PAX_SIZE_OVERFLOW=y (http://www.grsecurity.net/~ephox/overflow_plugin): Got kernel panics just running "emerge --sync".

• GRKERNSEC_KERN_LOCKOUT=y: Got "grsec: halting the system due suspicious kernel crash caused by root" (which throws a kernel panic) while running "metro" to build a custom profile