Gentoo Archives: gentoo-hardened

From: Ned Ludd <solar@g.o>
To: gentoo-hardened@l.g.o
Cc: Christian Heim <phreak@g.o>
Subject: Re: [gentoo-hardened] hardened-sources + vserver
Date: Tue, 17 Jul 2007 17:25:34
Message-Id: 1184693015.19351.101.camel@hangover.linbsd.net
In Reply to: Re: [gentoo-hardened] hardened-sources + vserver by Christian Parpart
On Tue, 2007-07-17 at 18:44 +0200, Christian Parpart wrote:
> On Sunday 08 July 2007 23:23:26 Christian Heim wrote:
> > On Saturday 07 July 2007 10:26:58 Natanael Copa wrote:
> > > hmm....
> > >
> > > I compared with the vserver+grsec patch from http://linux-vserver.org
> > > and just copied the patched file on rejected files. There is no vserver
> > > +grsec patch for 2.6.20 there so it's more work.
> > >
> > > However, if there would be any interest in an official gentoo hardened
> > > vserver kernel, I might put some extra effort in it.
> >
> > It won't get any more "official" than my overlay, sorry :)
>
> for what reason?
>
> I mean, there seems to be an interest in it, not just him (and me, most
> obviously).
>
> I guess most ppl who want to setup a vserver environment also want to be a
> little bit *more* secure than the standard way - I'm thinking about grsec
> here.
>
> why isn't there an option to (by default) provide this to the vserver-sources
> (or optional via hardened useflag that is enabled in a hardened profile
> anyways?) - makes sense to me at least ;)


Manpower/stability/security.. There are many reasons why hardened won't
be including vserver in hardened-sources (unless mainline takes
vserver). There are probably many reasons why vserver-sources might not
want to include hardened patches. Like not being bound to wait on
pax/grsec upstream for new releases of vserver. My personal feeling,
however, is that if it were ever to be considered for inclusion it would be
better for vserver to include hardened vs hardened including vserver as
they require a special kernel etc..



> Regards,
> Christian Parpart.
--
Ned Ludd <solar@g.o>
Gentoo Linux

--
gentoo-hardened@g.o mailing list