Improvement
Resolution: Fixed
Minor
Currently we don't have support for hardened profiles – PaX/GrSecurity. While I made hardened support after FL-221 got fixed, it is not documented nor supported.
The steps to get a hardened working system currently consist of:
- Add "gentoo:hardened/linux/amd64" to /etc/portage/make.profile/parent by hand
- Rebuild GCC: emerge gcc && env-update && source /etc/profile
- Rebuild glibc: emerge glibc
- Rebuild your environment: emerge -e world
- Build a hardened-sources kernel with GrSecurity enabled.
I got some kernel panics with these options:
- PAX_SIZE_OVERFLOW=y (http://www.grsecurity.net/~ephox/overflow_plugin): Got kernel panics just running "emerge --sync".
- GRKERNSEC_KERN_LOCKOUT=y: Got "grsec: halting the system due suspicious kernel crash caused by root" (which throws a kernel panic) while running "metro" to build a custom profile
1. Add hardened support for coreboot on grub | Closed | Unassigned
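An added example, not part of the original issue or of the project's own tooling: a POSIX shell preflight check for the manual steps listed in the description. The function names are hypothetical, and it assumes the kernel config spells the options named in the issue with the usual `CONFIG_` prefix and that the kernel config lives at the path shown in the usage comment.

```shell
#!/bin/sh
# Added example: preflight checks for the manual hardened setup in this issue.
# Usage (paths are assumptions for a typical install):
#   preflight /etc/portage/make.profile/parent /usr/src/linux/.config

HARDENED_PARENT='gentoo:hardened/linux/amd64'   # profile line quoted in the issue

# Return 0 if the parent file lists the hardened profile as an exact line.
has_hardened_parent() {
    [ -f "$1" ] && grep -Fxq -- "$HARDENED_PARENT" "$1"
}

# Append the hardened profile line once; safe to re-run.
ensure_hardened_parent() {
    has_hardened_parent "$1" && return 0
    # If the file does not end with a newline, add one so lines do not merge.
    if [ -s "$1" ] && [ -n "$(tail -c1 "$1")" ]; then
        printf '\n' >> "$1"
    fi
    printf '%s\n' "$HARDENED_PARENT" >> "$1"
}

# Return 0 only when GrSecurity is built into the given kernel config.
grsec_enabled() {
    grep -Fxq 'CONFIG_GRKERNSEC=y' "$1"
}

# Print the options the issue reports as panic-prone that are set to =y.
panic_prone_enabled() {
    grep -E '^CONFIG_(PAX_SIZE_OVERFLOW|GRKERNSEC_KERN_LOCKOUT)=y$' "$1" |
        sed 's/^CONFIG_//; s/=y$//'
}

# Report what is missing; warn (without failing) on the panic-prone options.
preflight() {
    status=0
    has_hardened_parent "$1" || { echo "missing $HARDENED_PARENT in $1"; status=1; }
    grsec_enabled "$2" || { echo "GrSecurity not enabled in $2"; status=1; }
    for opt in $(panic_prone_enabled "$2"); do
        echo "warning: $opt=y was reported to cause kernel panics in this issue"
    done
    return "$status"
}
```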