From: | Ned Ludd <solar@g.o>
---|---
To: | "Jan Dušek" <j.d@×××××××××.cz>
Cc: | gentoo-hardened@l.g.o
Subject: | Re: [gentoo-hardened] A way to combine grsec with selinux?
Date: | Mon, 01 Mar 2004 16:24:24
Message-Id: | 1078157878.1810.4927.camel@simple
In Reply to: | [gentoo-hardened] A way to combine grsec with selinux? by "Jan Dušek"
On Mon, 2004-03-01 at 10:54, Jan Dušek wrote:
> Hi, I was just wondering - is there a way to combine some non-ACL
> related grsec features (such as randomization of TCP ports, etc.) with
> SELinux?

Yes, sorta. If you're willing to use 2.6.x then you can get a kernel mixed
with some of the features you're looking for. grsecurity does not
exist yet however for 2.6.x so a few people have been putting a patch
together for 2.6.x testing.

So far what's done (more to come):

iopl,ioperm,kmem
ip/pid randomizations
restricted /proc, dmesg
selinux-hooks for pax
/proc/#pid/ipaddr
/proc/#pid/status (display PAX runtime flags)
seed entropy via AT_ENTROPY as per a previous topic of discussion from
this mailing list.
some sysctl options.

unpack linux-2.6.3
cd linux-2.6.3

# fetch both patches into the parent directory, where the patch
# commands below expect to find them
wget -P .. http://pax.grsecurity.net/pax-linux-2.6.3-200402250000.patch \
http://dev.gentoo.org/~solar/pax/openpax/linux-2.6.3-openpax-0.11.patch
patch -p1 < ../pax-linux-2.6.3-200402250000.patch
patch -p1 < ../linux-2.6.3-openpax-0.11.patch

# example kernel.config
wget -O - -q http://dev.gentoo.org/~solar/pax/openpax/openpax-2.6.3.config | tail -n 89

make menuconfig

# enjoy.
# http://pax.grsecurity.net/
# http://openpax.net/
# kernel 2.6.x already supports selinux out of the box.

>
> I don't think I can straightly patch my kernel with both, can I?
>
> --jd
>
> --
> gentoo-hardened@g.o mailing list
--
Ned Ludd <solar@g.o>
Gentoo Linux Developer
File name | MIME type |
---|---|
signature.asc | application/pgp-signature |
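
An added example, not part of the original message or of the openpax patch: after `make menuconfig`, a check that the resulting `.config` really builds in both SELinux and PaX. The function names and the option list are assumptions (option names as used by mainline SELinux and the PaX patch; the openpax patch may add options under other names).

```shell
#!/bin/sh
# Added example: verify that a kernel .config enables SELinux and PaX together.
# REQUIRED_OPTS is an assumed list; adjust it to the options your patch set offers.
REQUIRED_OPTS="CONFIG_SECURITY CONFIG_SECURITY_SELINUX CONFIG_PAX CONFIG_PAX_NOEXEC CONFIG_PAX_ASLR"

# opt_state FILE OPTION
# Prints the option's value (normally "y"), "n" when the config carries the
# explicit "# OPTION is not set" line, or "missing" when it is absent, which
# usually means the patch providing the option was never applied.
opt_state() {
    _f=$1
    _o=$2
    _val=$(sed -n "s/^${_o}=//p" "$_f" | head -n 1)
    if [ -n "$_val" ]; then
        echo "$_val"
    elif grep -q "^# ${_o} is not set\$" "$_f"; then
        echo n
    else
        echo missing
    fi
}

# check_config FILE [OPTION...]
# Prints one line per option and returns the number of options that are
# not built in (=y); 0 means every requested option is enabled.
check_config() {
    _cfg=$1
    shift
    [ -r "$_cfg" ] || { echo "cannot read $_cfg" >&2; return 255; }
    [ $# -gt 0 ] || set -- $REQUIRED_OPTS
    _bad=0
    for _opt in "$@"; do
        _state=$(opt_state "$_cfg" "$_opt")
        printf '%-28s %s\n' "$_opt" "$_state"
        [ "$_state" = y ] || _bad=$((_bad + 1))
    done
    return "$_bad"
}
```

Source the file and run `check_config .config` from the kernel tree; a "missing" entry points at an unapplied patch, while "n" points at an option left off in menuconfig.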