On Tue, 2007-07-17 at 18:44 +0200, Christian Parpart wrote:
> On Sunday 08 July 2007 23:23:26 Christian Heim wrote:
> > On Saturday 07 July 2007 10:26:58 Natanael Copa wrote:
> > > hmm....
> > >
> > > I compared with the vserver+grsec patch from http://linux-vserver.org
> > > and just copied the patched file on rejected files. There is no vserver
> > > +grsec patch for 2.6.20 there so it's more work.
> > >
> > > However, if there would be any interest in an official gentoo hardened
> > > vserver kernel, I might put some extra effort in it.
> >
> > It won't get any more "official" than my overlay, sorry :)
>
> for what reason?
>
> I mean, there seems to be an interest in it, not just him (and me, most
> obviously).
>
> I guess most ppl who want to setup a vserver environment also want to be a
> little bit *more* secure than the standard way - I'm thinking about grsec
> here.
>
> why isn't there an option to (by default) provide this to the vserver-sources
> (or optional via hardened useflag that is enabled in a hardened profile
> anyways?) - makes sense to me at least ;)

Manpower/stability/security.. There are many reasons why hardened won't
be including vserver in hardened-sources (unless mainline takes
vserver). There are probably many reasons why vserver-sources might not
want to include hardened patches. Like not being bound to wait on
pax/grsec upstream for new releases of vserver. My personal feeling,
however, is if it were ever to be considered for inclusion it would be
better for vserver to include hardened vs hardened including vserver as
they require a special kernel etc..

> Regards,
> Christian Parpart.
--
Ned Ludd <solar@g.o>
Gentoo Linux

--
gentoo-hardened@g.o mailing list