Gentoo Archives: gentoo-commits

From: "Sven Vermeulen (swift)" <swift@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/proj/en/hardened: grsecurity.xml
Date: Mon, 31 Dec 2012 19:12:09
Message-Id: 20121231191159.84E102171D@flycatcher.gentoo.org
1 swift 12/12/31 19:11:59
2
3 Modified: grsecurity.xml
4 Log:
5 Point to hardened faq for the instructions on switching profile
6
7 Revision Changes Path
8 1.24 xml/htdocs/proj/en/hardened/grsecurity.xml
9
10 file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/grsecurity.xml?rev=1.24&view=markup
11 plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/grsecurity.xml?rev=1.24&content-type=text/plain
12 diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/proj/en/hardened/grsecurity.xml?r1=1.23&r2=1.24
13
14 Index: grsecurity.xml
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/grsecurity.xml,v
17 retrieving revision 1.23
18 retrieving revision 1.24
19 diff -u -r1.23 -r1.24
20 --- grsecurity.xml 28 Oct 2012 15:21:06 -0000 1.23
21 +++ grsecurity.xml 31 Dec 2012 19:11:59 -0000 1.24
22 @@ -17,8 +17,8 @@
23 system's security to higher standards.
24 </abstract>
25
26 -<version>1.3</version>
27 -<date>2010-05-10</date>
28 +<version>2</version>
29 +<date>2012-12-31</date>
30
31 <chapter>
32 <title>About Grsecurity</title>
33 @@ -839,37 +839,8 @@
34
35 <p>
36 Although it is outside the scope of this document we mention the use of the
37 -hardened toolchain which completes the grsec/PaX model from userspace. As a
38 -quickstart you can do:
39 -</p>
40 -
41 -<pre caption="Using the hardened toolchain">
42 -# <i>eselect profile list</i>
43 -[1] default/linux/amd64/10.0
44 -[2] default/linux/amd64/10.0/desktop
45 -[3] default/linux/amd64/10.0/desktop/gnome *
46 -[4] default/linux/amd64/10.0/desktop/kde
47 -[5] default/linux/amd64/10.0/developer
48 -[6] default/linux/amd64/10.0/no-multilib
49 -[7] default/linux/amd64/10.0/server
50 -[8] hardened/linux/amd64
51 -[9] hardened/linux/amd64/no-multilib
52 -[10] selinux/2007.0/amd64
53 -[11] selinux/2007.0/amd64/hardened
54 -[12] selinux/v2refpolicy/amd64
55 -[13] selinux/v2refpolicy/amd64/desktop
56 -[14] selinux/v2refpolicy/amd64/developer
57 -[15] selinux/v2refpolicy/amd64/hardened
58 -[16] selinux/v2refpolicy/amd64/server
59 -# <i>eselect profile set 8</i> <comment>(replace 8 with the desired hardened profile)</comment>
60 -# <i>emerge --oneshot binutils gcc virtual/libc</i>
61 -# <i>emerge -e system</i>
62 -# <i>emerge -e world</i>
63 -</pre>
64 -
65 -<p>
66 -If you don't want to use this profile, add these <c>hardened pic</c> USE flags to your
67 -USE variable in <path>/etc/make.conf</path>.
68 +<uri link="hardenedfaq.xml#hardenedprofile">hardened toolchain</uri> which
69 +completes the grsec/PaX model from userspace.
70 </p>
71
72 </body>