This is Gentoo's testing wiki. It is a non-operational environment and its textual content is outdated.
Please visit our production wiki at https://wiki.gentoo.org
Talk:Hardened/Grsecurity2 Quickstart
From Gentoo Wiki (test)
Note
This is a talk page. Please add newer comments below older ones, and sign your comments using four tildes (~~~~).
When adding a new section (at the bottom of the page), please mark it as "open for discussion" by using {{talk|open}} so it will show up in the list of open discussions.
Missing kernel options
Talk status
This discussion is still ongoing.
During configuration of sys-kernel/hardened-sources-3.11.7-r1 for an x64 virtual machine I've noticed that these kernel options don't exist anymore:
CONFIG_GRKERNSEC_AUDIT_IPC
CONFIG_GRKERNSEC_AUDIT_TEXTREL
CONFIG_GRKERNSEC_EXECVE
CONFIG_GRKERNSEC_RANDPID
CONFIG_GRKERNSEC_RANDID
CONFIG_GRKERNSEC_RANDSRC
CONFIG_GRKERNSEC_RANDRPC
Maybe an update to the Wiki page is needed?
Besides that, I've noticed new options that should be on the Wiki page also:
CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_SYSCTL_ON=y
The first one enables the ability to change /proc/sys/kernel/grsecurity/*, and the second one enables everything by default without the need to write to /etc/sysctl.conf things like:
kernel.grsecurity.chroot_deny_sysctl = 1
kernel.grsecurity.chroot_caps = 1
Hope this will be helpful. — The preceding unsigned comment was added by Stan31337 (talk • contribs)
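An added example, not part of the comment above or of the wiki page: a shell check that reports which of the options listed as removed are still carried in a kernel .config, and which of the two SYSCTL combinations the config is in. The function names and the sample .config fragment are constructed for illustration.

```shell
# Options the comment reports as gone from hardened-sources-3.11.7-r1.
REMOVED_OPTS="GRKERNSEC_AUDIT_IPC GRKERNSEC_AUDIT_TEXTREL GRKERNSEC_EXECVE
GRKERNSEC_RANDPID GRKERNSEC_RANDID GRKERNSEC_RANDSRC GRKERNSEC_RANDRPC"

# opt_enabled FILE NAME: succeeds if CONFIG_NAME=y is set in FILE.
opt_enabled() {
    grep -q "^CONFIG_$2=y\$" "$1"
}

# stale_options FILE: prints each removed option FILE still carries,
# whether set or recorded as "# CONFIG_X is not set".
stale_options() {
    for opt in $REMOVED_OPTS; do
        if grep -Eq "^(# )?CONFIG_${opt}[= ]" "$1"; then
            echo "CONFIG_$opt"
        fi
    done
}

# sysctl_mode FILE: prints
#   none        GRKERNSEC_SYSCTL unset, no /proc/sys/kernel/grsecurity/* knobs
#   default-on  SYSCTL and SYSCTL_ON set, no sysctl.conf entries needed
#   manual      SYSCTL only, kernel.grsecurity.* = 1 entries are needed
sysctl_mode() {
    if ! opt_enabled "$1" GRKERNSEC_SYSCTL; then
        echo none
    elif opt_enabled "$1" GRKERNSEC_SYSCTL_ON; then
        echo default-on
    else
        echo manual
    fi
}

# Constructed sample .config fragment (hypothetical, not from a real system).
write_sample() {
    cat > "$1" <<'EOF'
CONFIG_GRKERNSEC=y
CONFIG_GRKERNSEC_RANDPID=y
# CONFIG_GRKERNSEC_EXECVE is not set
CONFIG_GRKERNSEC_SYSCTL=y
# CONFIG_GRKERNSEC_SYSCTL_ON is not set
EOF
}

cfg=$(mktemp)
write_sample "$cfg"
echo "stale options: $(stale_options "$cfg" | tr '\n' ' ')"
echo "sysctl mode:   $(sysctl_mode "$cfg")"
rm -f "$cfg"
```

To audit a real tree, call the two functions on its .config path (for example /usr/src/linux/.config) instead of the sample file.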