| 1 |
Mivz wrote: |
| 2 |
|
| 3 |
> When I use the hardened portage profile |
| 4 |
> (/usr/portage/profiles/hardened/x86) |
| 5 |
> I can not merge a 2.6 kernel. It reports it is masked by profile. |
| 6 |
> Then a again. When I want to use SELinux it is advised to use a 2.6 |
| 7 |
> kernel. |
| 8 |
> This is no problem whit the SELinux profile. |
| 9 |
> But when the SELinux distro is hardened, why can't I use a 2.6 kernel |
| 10 |
> whit the default hardened profile? |
| 11 |
> Is 2.6 not secure enoughe? Is 2.6 onley secure enoughe whit SELinux |
| 12 |
> enabled? |
| 13 |
> |
| 14 |
> What does the hardened/SELinux profile actually do, except for the |
| 15 |
> CFLAGS, LDFLAGS and the package masks? Could I just use a normal |
| 16 |
> profile and add the correct flags to my make.conf? |
| 17 |
> Or are the use flags (hardened, pic and pie) enough to build a |
| 18 |
> Hardened Gentoo system and will the ebuilds addapt the FLAGS to those? |
| 19 |
> |
| 20 |
> Mivz |
| 21 |
|
| 22 |
To phrase it clearly, default kernel with hardened profile is 2.4, while |
| 23 |
its 2.6 with other profiles. |
| 24 |
This is because the 2.4 kernel is usually considered more stable/secure |
| 25 |
as it does not change a lot and has been reviewed a few times. |
| 26 |
|
| 27 |
So you should just point your profile to 2.6 |
| 28 |
-- |
| 29 |
gentoo-hardened@g.o mailing list |
Archives