public inbox for gentoo-project@lists.gentoo.org
 help / color / mirror / Atom feed
Search results ordered by [date|relevance]  view[summary|nested|Atom feed]
thread overview below | download: 
* Re: [gentoo-project] The status of grsecurity upstream and hardened-sources downstream
  @ 2017-06-23 17:49 99% ` Toralf Förster
  0 siblings, 0 replies; 1+ results
From: Toralf Förster @ 2017-06-23 17:49 UTC (permalink / raw
  To: gentoo-project


[-- Attachment #1.1: Type: text/plain, Size: 708 bytes --]

On 06/23/2017 06:28 PM, Anthony G. Basile wrote:
>  I don't recommend we remove any of the machinery from Gentoo that deals with PaX
> markings.

I'm still using the hardened profile both at my desktop and my server -
now together with latest stable vanilla-kernel by directly following the
stable kernel git
(echo "sys-kernel/vanilla-sources-4.10.13" >>
/etc/portage/profile/package.provided).
I realized (at the tinderbox images as well), that PAX-marking error
messages do occur, when I didn't add '-paxkernel' to my USE flags.

I do wonder, if the PAX marking logic could detect a running
non-hardened kernel and therefore silently skip the step ?

-- 
Toralf
PGP 23217DA7 9B888F45



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[relevance 99%]

Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2017-06-23 16:28     [gentoo-project] The status of grsecurity upstream and hardened-sources downstream Anthony G. Basile
2017-06-23 17:49 99% ` Toralf Förster

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox