How to drop 32-bit support from AMD64 Gentoo

In the wake of the recent kernel exploits I determined I didn’t really need 32-bit support on most of my 64-bit machines. The vulnerabilities in question depend upon 32-bit support, so dropping that support resolves the issue without me having to patch the kernel or really change what software I’m running at all. Here’s how I did it.

I should point out that you cannot simply go back to having 32-bit support after you do this. This is a one-way change!

Step 1: Make sure you have a 64-bit capable bootloader:

You can use LILO or GRUB 2. LILO is documented in the Gentoo Handbook, and I haven’t tried GRUB 2.

Step 2: Switch to a non-multilib profile:

WEB-SVN ~ # eselect profile list
Available profile symlink targets:
[1] default/linux/amd64/10.0 *
[2] default/linux/amd64/10.0/desktop
[3] default/linux/amd64/10.0/desktop/gnome
[4] default/linux/amd64/10.0/desktop/kde
[5] default/linux/amd64/10.0/developer
[6] default/linux/amd64/10.0/no-multilib
[7] default/linux/amd64/10.0/server
[8] hardened/linux/amd64/10.0
[9] hardened/linux/amd64/10.0/no-multilib
[10] selinux/2007.0/amd64
[11] selinux/2007.0/amd64/hardened
[12] selinux/v2refpolicy/amd64
[13] selinux/v2refpolicy/amd64/desktop
[14] selinux/v2refpolicy/amd64/developer
[15] selinux/v2refpolicy/amd64/hardened
[16] selinux/v2refpolicy/amd64/server
WEB-SVN ~ # eselect profile set 6 && eselect profile show
Current make.profile symlink:

Step 3: Emerge packages whose USE flags have changed:

WEB-SVN ~ # emerge -1 sandbox glibc gcc
...much noise...
WEB-SVN ~ # rm /etc/env.d/04multilib &&
> env-update &&
> . /etc/profile &&
> "$(gcc -dumpversion)"
...well, didn't seem to change anything, but it was a good idea anyway...
WEB-SVN ~ # cat /etc/ # to check if there are 32-bit libs left
# autogenerated by env-update; make all changes to
# contents of /etc/env.d directory

Looks good!

Step 4: Remove 32-bit support in the kernel:

WEB-SVN ~ # cd /usr/src/linux && make menuconfig
Executable file formats / Emulations ---> [ ] IA32 Emulation
WEB-SVN ~ # make &&
> mount -o remount,rw /boot &&
> make install modules_install &&
> module-rebuild -X rebuild &&
> shutdown -r now

That’s it!
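
A check worth running before the reboot in the last step, as an added example that is not part of the original post: it confirms that the kernel config no longer enables CONFIG_IA32_EMULATION (the symbol behind the "IA32 Emulation" menu entry) and lists any 32-bit ELF files still installed, which will stop running once emulation is gone. The function names, the script name and the list of directories scanned are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run before the reboot.
# Function names and the directory list are assumptions for illustration.

# ia32_emulation_disabled CONFIG_FILE
# Returns 0 if CONFIG_IA32_EMULATION (the "IA32 Emulation" menu entry) is not
# enabled, 1 if it is still enabled, 2 if the config file cannot be read.
ia32_emulation_disabled() {
    [ -r "$1" ] || return 2
    if grep -q '^CONFIG_IA32_EMULATION=y' "$1"; then return 1; fi
    return 0
}

# elf_class FILE
# Prints 32 or 64 for ELF files, nothing for anything else. Bytes 0-3 are the
# magic 0x7f 'E' 'L' 'F'; byte 4 (EI_CLASS) is 1 for 32-bit, 2 for 64-bit.
elf_class() {
    hdr=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    case "$hdr" in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
    esac
}

# list_elf32 DIR...
# Prints every regular file under the given directories that is a 32-bit ELF
# object, i.e. something that will stop working once emulation is gone.
list_elf32() {
    find "$@" -xdev -type f 2>/dev/null | while IFS= read -r f; do
        if [ "$(elf_class "$f")" = 32 ]; then printf '%s\n' "$f"; fi
    done
}

# Run the real checks only when asked: sh check32.sh --check (name is hypothetical)
if [ "${1:-}" = "--check" ]; then
    if ia32_emulation_disabled /usr/src/linux/.config; then
        echo "kernel config: IA32 emulation is off"
    else
        echo "kernel config: IA32 emulation still enabled, or .config unreadable"
    fi
    echo "32-bit ELF files still installed:"
    list_elf32 /bin /sbin /lib /usr/bin /usr/sbin /usr/lib /opt
fi
```

An empty list after the last line means nothing on the scanned paths depends on 32-bit execution.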