1 |
Hi hardened users, |
2 |
|
3 |
Currently, when configuring the hardened kernel, the user is presented |
4 |
with some predefined Security Levels. (Security options -> Grsecuirty |
5 |
-> Security Level). Four of these are set by Gentoo |
6 |
|
7 |
Hardened Gentoo [server] |
8 |
Hardened Gentoo [server no rbac] |
9 |
Hardened Gentoo [workstation] |
10 |
Hardened Gentoo [workstation no rbac] |
11 |
|
12 |
These are defined so as to maximize security while minimizing breakage |
13 |
with Gentoo software. I'm proposing to change this to |
14 |
|
15 |
Hardened Gentoo [server] |
16 |
Hardened Gentoo [workstation or virtualization host] |
17 |
|
18 |
One change will be to remove the "no rbac" option which is easily turned |
19 |
on/off at Security options -> Grsecuirty -> Role Based Access Control |
20 |
Options -> Disable RBAC system. The default will be on (ie do not |
21 |
disable rbac). Even if the users doesn't want to use RBAC and still |
22 |
enables it, there is no harm done since RBAC simply be available but not |
23 |
used unless turned on by gradm. |
24 |
|
25 |
The other change will be to add a "virtualization host" option. |
26 |
Currently these settings are identical to the workstation and so are |
27 |
coalesced, but may change. I am trying to make the hardened kernel |
28 |
compatible with VirtualBox and kvm, but there are some security settings |
29 |
which will most likely *always* break virtualization and will need to be |
30 |
turned off. |
31 |
|
32 |
This is work in progress and testing is appreciated. The ebuilds are on |
33 |
my overlay. |
34 |
|
35 |
|
36 |
-- |
37 |
Anthony G. Basile, Ph.D. |
38 |
Gentoo Developer |