From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id BC7761381F3 for ; Fri, 20 Sep 2013 23:07:57 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8749FE0AF6; Fri, 20 Sep 2013 23:07:44 +0000 (UTC) Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 6EA08E09C5 for ; Fri, 20 Sep 2013 23:07:43 +0000 (UTC) Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69]) by outpost1.zedat.fu-berlin.de (Exim 4.80.1) for gentoo-user@lists.gentoo.org with esmtp (envelope-from ) id <1VN9nZ-002mrZ-Ns>; Sat, 21 Sep 2013 01:07:41 +0200 Received: from dslb-188-106-187-097.pools.arcor-ip.net ([188.106.187.97] helo=TranscendTheRubicon.fritz.box) by inpost2.zedat.fu-berlin.de (Exim 4.80.1) for gentoo-user@lists.gentoo.org with esmtpsa (envelope-from ) id <1VN9nZ-000JUk-Hz>; Sat, 21 Sep 2013 01:07:41 +0200 Date: Sat, 21 Sep 2013 01:07:38 +0200 From: Hinnerk van Bruinehsen To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] ZFS Message-ID: <20130920230738.GC27740@TranscendTheRubicon.fritz.box> References: <523898A3.7000404@googlemail.com> <2097.1379441483@ccs.covici.com> <5238ADD7.8020700@googlemail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="8nsIa27JVQLqB7/C" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Originating-IP: 188.106.187.97 X-Archives-Salt: 91e2d558-53bc-492e-ae89-c9522892a386 X-Archives-Hash: 5536b350a06ba268188d12d98c5183c9 --8nsIa27JVQLqB7/C Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Sep 20, 2013 at 11:20:53AM -0700, Grant wrote: > > How about hardened? Does ZFS have any problems interacting with > > grsecurity or a hardened profile? > > Has anyone tried hardened and ZFS together? > Hi, I did - I had some problems, but I'm not sure if they were caused by the combination of ZFS and hardened. There were some issues updating kernel and= ZFS (most likely due to ZFS on root and me using ~arch hardened-sources and the live ebuild for zfs). There are some hardened options that are known to be not working (constify = was one of them but that should be patched now). I think another one was HIDESY= M. There is a (more or less regularly updated blogpost by prometheanfire (installation guide zfs+hardened+luks [1]). So you could ask him or ryao (he seems to support hardened+zfs at least to a certain degree). WKR Hinnerk [1] https://mthode.org/posts/2013/Sep/gentoo-hardened-zfs-rootfs-with-dm-cr= yptluks-062/=20 --8nsIa27JVQLqB7/C Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.21 (GNU/Linux) iQEcBAEBAgAGBQJSPNU6AAoJEJwwOFaNFkYczUAIALXWJsECzQMjcxFTYCPlGN1W CpkQGybvnpemNSXdZp5qkOhmhQh71VlpCz1fEGCHX9hSSnyQ91XqY0I9epcHtBeN RIHv7e2bG1wScDhzoauOaCqsl7tw2m9YR7jRoZ8l/eq+sEkexXZrB0brJd4vnbZA ZWERDPcM560MeHIH/duNCflXHXIeV0cri8s/EtR/aM59o6/vITII13GgfOFpjPHK OUTvQ+zXg/SlGexI1ci5+q2OG71nI5SxdXRNRhRgzW2xSvHXxkVxjqKvl88bLweY I0gETfuu7DcwqQMXsfhIPKH/t3kVJJqfAt4wylsZ28kacs8n/wtJLLe4zBtNOC0= =j4Rp -----END PGP SIGNATURE----- --8nsIa27JVQLqB7/C--