From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
by nuthatch.gentoo.org with esmtp (Exim 4.60)
(envelope-from <gentoo-hardened+bounces-583-garchives=archives.gentoo.org@gentoo.org>)
id 1FfEjz-0002o8-4O
for garchives@archives.gentoo.org; Sun, 14 May 2006 11:26:27 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
by robin.gentoo.org (8.13.6/8.13.6) with SMTP id k4EBNXRt026598;
Sun, 14 May 2006 11:23:33 GMT
Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.186])
by robin.gentoo.org (8.13.6/8.13.6) with ESMTP id k4EBNWQb018033
for <gentoo-hardened@lists.gentoo.org>; Sun, 14 May 2006 11:23:33 GMT
Received: by nf-out-0910.google.com with SMTP id y38so7755nfb
for <gentoo-hardened@lists.gentoo.org>; Sun, 14 May 2006 04:23:32 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=beta; d=gmail.com;
h=received:message-id:date:from:reply-to:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding;
b=dJwFjOardfFWdiKJzK1tu9GljsQ1N0hoKhxw7V7SnyGrHvhhVPnVObR12pb9LWcUbTk8GnAmYGgb55FwEShPRxjdQDaWEzYKlYGSmk9N5ydblVFQFakDnFU45eo0EFmkiS+sFNwy9jJ7CmFOuowXbkN3hOdGV6xRy319sPWQAfw=
Received: by 10.49.5.11 with SMTP id h11mr2519394nfi;
Sun, 14 May 2006 04:23:32 -0700 (PDT)
Received: from ?192.168.0.4? ( [62.103.236.162])
by mx.gmail.com with ESMTP id n22sm1977704nfc.2006.05.14.04.23.31;
Sun, 14 May 2006 04:23:32 -0700 (PDT)
Message-ID: <44671405.8020007@gmail.com>
Date: Sun, 14 May 2006 14:27:01 +0300
From: Panagiotis Atmatzidis <p.atmatzidis@gmail.com>
User-Agent: Thunderbird 1.5.0.2 (Macintosh/20060308)
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Obtaining a Xen/SELinux/PaX/GRSecurity kernel
References: <Pine.LNX.4.44.0605132221460.10710-100000@lnx.bridge.intra>
In-Reply-To: <Pine.LNX.4.44.0605132221460.10710-100000@lnx.bridge.intra>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 941eeb56-5dde-4ad4-a823-fbf99156ecee
X-Archives-Hash: 194e3aa640a75ce65d30ec4fb6eeed2b
Peter S. Mazinger wrote:
> On Sun, 7 May 2006, Alex Efros wrote:
>
>> Hi!
>>
>> On Sun, May 07, 2006 at 12:28:40AM -0400, Kevin wrote:
>>> If I wanted all four of the Xen/SELinux/PaX/GRSecurity patch sets
>>> incorporated into a kernel, any recommendations for doing this?
>> AFAIK hardened-sources already contain SELinux+PaX+GRSecurity.
>
> I would say hardened-sources have either SELinux-PaX or PaX/GRSecurity
>
> Peter
>
Yes and it's a good practice to keep the security models separated even
on ml posts. I was a bit confused myself at the beginning and I found
many users who are confused even though they use one of the security
models mentioned above. Many people think that they can use rsbac +
grsecurity + SELinux all together, which in theory[1] is possible but it
makes no sense and turns the box into something unusable.
So, be nice with newcomers and try not to confuse them :-)
[1] A guy told me that he installed all the 3 sec models in his test box
once upon a time.
--
gentoo-hardened@gentoo.org mailing list