From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-150849-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id BC7761381F3
	for <garchives@archives.gentoo.org>; Fri, 20 Sep 2013 23:07:57 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 8749FE0AF6;
	Fri, 20 Sep 2013 23:07:44 +0000 (UTC)
Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 6EA08E09C5
	for <gentoo-user@lists.gentoo.org>; Fri, 20 Sep 2013 23:07:43 +0000 (UTC)
Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69])
          by outpost1.zedat.fu-berlin.de (Exim 4.80.1)
          for gentoo-user@lists.gentoo.org with esmtp
          (envelope-from <h.v.bruinehsen@fu-berlin.de>)
          id <1VN9nZ-002mrZ-Ns>; Sat, 21 Sep 2013 01:07:41 +0200
Received: from dslb-188-106-187-097.pools.arcor-ip.net ([188.106.187.97] helo=TranscendTheRubicon.fritz.box)
          by inpost2.zedat.fu-berlin.de (Exim 4.80.1)
          for gentoo-user@lists.gentoo.org with esmtpsa
          (envelope-from <h.v.bruinehsen@fu-berlin.de>)
          id <1VN9nZ-000JUk-Hz>; Sat, 21 Sep 2013 01:07:41 +0200
Date: Sat, 21 Sep 2013 01:07:38 +0200
From: Hinnerk van Bruinehsen <h.v.bruinehsen@fu-berlin.de>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] ZFS
Message-ID: <20130920230738.GC27740@TranscendTheRubicon.fritz.box>
References: <CAN0CFw1nGVZxJGGsq4TZidEPuyLDkcD0oYRDOOfNzFFM2vQ-tg@mail.gmail.com>
 <523898A3.7000404@googlemail.com>
 <2097.1379441483@ccs.covici.com>
 <5238ADD7.8020700@googlemail.com>
 <CAN0CFw0RtRX0+pCXtR_gAOioM056z3viJ+28bVBAUvreC80_SQ@mail.gmail.com>
 <CAN0CFw261bY8e5Fc2RW5xErC80pPzjUTW6Vt5tsHZ8uqK5DRYw@mail.gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="8nsIa27JVQLqB7/C"
Content-Disposition: inline
In-Reply-To: <CAN0CFw261bY8e5Fc2RW5xErC80pPzjUTW6Vt5tsHZ8uqK5DRYw@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Originating-IP: 188.106.187.97
X-Archives-Salt: 91e2d558-53bc-492e-ae89-c9522892a386
X-Archives-Hash: 5536b350a06ba268188d12d98c5183c9


--8nsIa27JVQLqB7/C
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Sep 20, 2013 at 11:20:53AM -0700, Grant wrote:
> > How about hardened?  Does ZFS have any problems interacting with
> > grsecurity or a hardened profile?
>
> Has anyone tried hardened and ZFS together?
>

Hi,

I did - I had some problems, but I'm not sure if they were caused by the
combination of ZFS and hardened. There were some issues updating kernel and=
 ZFS
(most likely due to ZFS on root and me using ~arch hardened-sources and the
live ebuild for zfs).
There are some hardened options that are known to be not working (constify =
was
one of them but that should be patched now). I think another one was HIDESY=
M.

There is a (more or less regularly updated blogpost by prometheanfire
(installation guide zfs+hardened+luks [1]).
So you could ask him or ryao (he seems to support hardened+zfs at least to
a certain degree).

WKR
Hinnerk


[1] https://mthode.org/posts/2013/Sep/gentoo-hardened-zfs-rootfs-with-dm-cr=
yptluks-062/=20

--8nsIa27JVQLqB7/C
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (GNU/Linux)

iQEcBAEBAgAGBQJSPNU6AAoJEJwwOFaNFkYczUAIALXWJsECzQMjcxFTYCPlGN1W
CpkQGybvnpemNSXdZp5qkOhmhQh71VlpCz1fEGCHX9hSSnyQ91XqY0I9epcHtBeN
RIHv7e2bG1wScDhzoauOaCqsl7tw2m9YR7jRoZ8l/eq+sEkexXZrB0brJd4vnbZA
ZWERDPcM560MeHIH/duNCflXHXIeV0cri8s/EtR/aM59o6/vITII13GgfOFpjPHK
OUTvQ+zXg/SlGexI1ci5+q2OG71nI5SxdXRNRhRgzW2xSvHXxkVxjqKvl88bLweY
I0gETfuu7DcwqQMXsfhIPKH/t3kVJJqfAt4wylsZ28kacs8n/wtJLLe4zBtNOC0=
=j4Rp
-----END PGP SIGNATURE-----

--8nsIa27JVQLqB7/C--