| 1 |
On Sat, 2004-01-24 at 16:12, source wrote: |
| 2 |
> Hello all, |
| 3 |
> |
| 4 |
> I'm new to grsecurity and surpised about 2 things. |
| 5 |
> First, why starts the init script (/etc/init.d/grsecurity) only the sysctl-stuff and not the ACLs (gradm -E)? |
| 6 |
> And seconds, why are the default ACLs in gentoo so strict, that a basic system won't shutdown normaly? |
| 7 |
|
| 8 |
Simple.. I don't feel it's the place of the distribution to enable your |
| 9 |
policy for you. Gentoo will give you some basic templates to use but for |
| 10 |
grsecurity to be effective for your needs you need to enable leaning |
| 11 |
mode on some subjects and develop your own policy that works good for |
| 12 |
you. |
| 13 |
|
| 14 |
In addition we want to leave this choice up to you to decide if you even |
| 15 |
want to use ACL's in the first place and if you do then chances are you |
| 16 |
will want to add the (gradm -E) in your /etc/init.d/local.start vs the |
| 17 |
grsec init/conf script handles your sysctl settings. |
| 18 |
|
| 19 |
> by, source |
| 20 |
> |
| 21 |
> -- |
| 22 |
|
| 23 |
-- |
| 24 |
|
| 25 |
Ned Ludd <solar@g.o> |
| 26 |
|
| 27 |
Gentoo Linux Developer |
Archives