Some days ago i turned on grsec & pax in gentoo-sources-2.4.26-r9, and built a PIE/SSP Enabled Userland accprding to; http://www.gentoo.org/proj/en/hardened/docs/pax-howto.xml#doc_chap5 - with one difference, i haven't ran emerge -e world, i ran emerge -uD world instead, which worked fine until it came to this point;

install -D --owner 0 --group 0 --mode a=rx proc/libproc-3.2.3.so /var/tmp/portage/procps-3.2.3-r1/image//lib/libproc-3.2.3.so
ldconfig
install -D --owner 0 --group 0 --mode a=rx ps/ps /var/tmp/portage/procps-3.2.3-r1/image//bin/ps
make: *** [/var/tmp/portage/procps-3.2.3-r1/image//bin/ps] Illegal instruction

!!! ERROR: sys-apps/procps-3.2.3-r1 failed.
!!! Function einstall, Line 385, Exitcode 2
!!! einstall failed

and in /var/log/messages i get;

grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by /bin/install[install:1745] uid/euid:0/0 gid/egid:0/0

Now the fun begins; every command i try to run now results in the answer; Illegal instruction.
after i reset i get to the passwordprompt for the cryptoroot, enter the pass and press enter and it spits out the standar reiserfs-mounted-stuff, and then; Pivoting to encrypted root completed successfully.
And there it stops, it responds to keyboard, but it just doesn't do anymore.

I have to reboot into knoppix, mount the drive & unpack a glibc-package from another computer on the drive. before unpacking strace chroot /mnt/hda2 gives;

fstat54(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
close(3) = 0
--- SIGILL (Illegal instruction) @ 0 (0) ---
+++ killed by SIGILL +++

after unpacking it works to chroot, and after reboot the system boots nicely after rootcryptopasswd..

if i try to emerge procps again, the same thing happens

Reproducible: Always
Steps to Reproduce:
1. install gentoo-sources
2. USE="hardened" emerge bintuils gcc glibc
3. emerge procps

Actual Results:  
See details.

Is it due to gentoo-sources instead of recommended hardened or grsec? Or is it
due to not running emerge -e world? I see now that it says "To maintain a
consistant toolchain, first emerge bintuils gcc glibc. Next, rebuild the entire
system with emerge -e world." - should that be interpreted as "You have to do 1)
 and 2) to fix toolchain"? it WILL take ages to build all from scratch on this
poor pentium;)

Expected Results:  
install smooothly:)

Gentoo Base System version 1.4.16
Portage 2.0.50-r11 (default-x86-2004.2, gcc-3.3.4,
glibc-2.3.3.20040420-r1,2.3.3.20040420-r0, 2.4.26-gentoo-r9)
=================================================================
System uname: 2.4.26-gentoo-r9 i586 Pentium MMX
distcc 2.16 i386-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
Autoconf: sys-devel/autoconf-2.59-r4
Automake: sys-devel/automake-1.8.5-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -march=pentium -fomit-frame-pointer"
CHOST="i386-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=pentium -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache distcc sandbox"
GENTOO_MIRRORS="ftp://mirror.pudas.net/gentoo"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
USE="apm arts avi berkdb bitmap-fonts crypt cups distcc encode extensions
foomaticdb gdbm gif gpm gtk2 hardened imlib ipv6 jpeg kde libg++ libwww mad
mikmod motif mpeg ncurses nls oggvorbis opengl oss pam pdflib perl png python qt
quicktime readline sdl slang spell ssl svga tcpd truetype x86 xml2 xmms xprint
xv zlib"