List Archive: gentoo-hardened
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
>> Blurb: The one time I tried SELinux (which isn't ment to be the last time) I
>> found it extremly difficult, complex and by no means comfortable. But I'm
>> sure some of you got better results than I did.
>Hmm .. I've seen similar opinions posted in various places on the web .. easy to find using Google.
True, selinux has a tough learning curve, similarly gentoo is not a linux distribution for newbies,
however, please recognise that we are putting forth a concerted effort to make this easy
to use for those who want to. We are providing policies for the base gentoo system, and
policies for hopefully a large part of the ebuilds in portage, we are writing stuff to deploy policies
when you install a particular app, we will have selinux GUI policy editors in portage, et al.
the opinions you've seen on the web are from people trying to do this basically from scratch
on a system which does not provide this functionality natively like we are. Additionally we'll
be putting together documentation for users to understand roles and using them effectively.
>Anyway, the WOLK kernel (also in the Gentoo portage tree) has integrated grsecurity, systrace, and several other interesting packages. Are we duplicating effort?
not at all. I understand that wolk contains many (if not all) of the patches that we will provide, however, since wolk is a giant collection of patches, and since many patches don't show up in later releases after being in prior ones i am not going to rely on them to provide all the patches that we need
However, for those users which prefer the enhancements available in WOLK it will certainly still be available. For example, whomever want to use selinux can choose between selinux-sources, hardened-sources and wolk-(server)-sources.