Gentoo Archives: gentoo-hardened

From: Ned Ludd <solar@g.o>
To: "Jan Dušek" <j.d@×××××××××.cz>
Cc: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] A way to combine grsec with selinux?
Date: Mon, 01 Mar 2004 16:24:24
Message-Id: 1078157878.1810.4927.camel@simple
In Reply to: [gentoo-hardened] A way to combine grsec with selinux? by "Jan Dušek"
On Mon, 2004-03-01 at 10:54, Jan Dušek wrote:
> Hi, I was just wondering - is there a way to combine some non-ACL
> related grsec features (such as randomization of TCP ports, etc.) with
> SELinux?

Yes, sorta. If you're willing to use 2.6.x then you can get a kernel mixed
with some of the features you're looking for. grsecurity does not
exist yet, however, for 2.6.x, so a few people have been putting a patch
together for 2.6.x testing.

So far what's done (more to come):

iopl,ioperm,kmem
ip/pid randomizations
restricted /proc, dmesg
selinux-hooks for pax
/proc/#pid/ipaddr
/proc/#pid/status (display PAX runtime flags)
seed entropy via AT_ENTROPY as per a previous topic of discussion from
this mailing list.
some sysctl options.

unpack linux-2.6.3
cd linux-2.6.3

wget -P .. http://pax.grsecurity.net/pax-linux-2.6.3-200402250000.patch \
http://dev.gentoo.org/~solar/pax/openpax/linux-2.6.3-openpax-0.11.patch
patch -p1 < ../pax-linux-2.6.3-200402250000.patch
patch -p1 < ../linux-2.6.3-openpax-0.11.patch

# example kernel.config
wget -O - -q \
http://dev.gentoo.org/~solar/pax/openpax/openpax-2.6.3.config | tail -n 89

make menuconfig

# enjoy.
# http://pax.grsecurity.net/
# http://openpax.net/
# kernel 2.6.x already supports selinux out of the box.

>
> I don't think I can straightly patch my kernel with both, can I?
>
> --jd
>
> --
> gentoo-hardened@g.o mailing list
--
Ned Ludd <solar@g.o>
Gentoo Linux Developer

Attachments

File name MIME type
signature.asc application/pgp-signature