Archives
Archives
| From: | "Toralf Förster" <toralf@g.o> | ||
|---|---|---|---|
| To: | gentoo-project@l.g.o | ||
| Subject: | Re: [gentoo-project] The status of grsecurity upstream and hardened-sources downstream | ||
| Date: | Fri, 23 Jun 2017 17:49:23 | ||
| Message-Id: | 831a1b68-1083-ba04-faff-77267b7b06a1@gentoo.org | ||
| In Reply to: | [gentoo-project] The status of grsecurity upstream and hardened-sources downstream by "Anthony G. Basile" |
||
| 1 | On 06/23/2017 06:28 PM, Anthony G. Basile wrote: |
| 2 | > I don't recommend we remove any of the machinery from Gentoo that deals with PaX |
| 3 | > markings. |
| 4 | |
| 5 | I'm still using the hardened profile both at my desktop and my server - |
| 6 | now together with latest stable vanilla-kernel by directly following the |
| 7 | stable kernel git |
| 8 | (echo "sys-kernel/vanilla-sources-4.10.13" >> |
| 9 | /etc/portage/profile/package.provided). |
| 10 | I realized (at the tinderbox images as well), that PAX-marking error |
| 11 | messages do occur, when I didn't add '-paxkernel' to my USE flags. |
| 12 | |
| 13 | I do wonder, if the PAX marking logic could detect a running |
| 14 | non-hardened kernel and therefore silently skip the step ? |
| 15 | |
| 16 | -- |
| 17 | Toralf |
| 18 | PGP 23217DA7 9B888F45 |
| File name | MIME type |
|---|---|
| signature.asc | application/pgp-signature |
| Subject | Author |
|---|---|
| Re: [gentoo-project] The status of grsecurity upstream and hardened-sources downstream | Mike Gilbert <floppym@g.o> |
| Re: [gentoo-project] The status of grsecurity upstream and hardened-sources downstream | Michael Orlitzky <mjo@g.o> |