From: Nils Freydank <nils.freydank@posteo.de>
To: gentoo-user@lists.gentoo.org
Cc: perfinion@gentoo.org
Subject: Re: [gentoo-user] Is Hardened profile and SELinux support active?
Date: Thu, 09 Apr 2020 15:42:22 +0200 [thread overview]
Message-ID: <2164631.ElGaqSPkdT@pygoscelis> (raw)
In-Reply-To: <3307831.iIbC2pHGDl@sea-ll-10936>
[-- Attachment #1: Type: text/plain, Size: 1843 bytes --]
Hi Ihor,
myself I use only hardened profiles without SELinux on my machines, and
AFAICT it mostly boils down *this* way to some default toolchain flags for
C/C++ and a nearly-default kernel (sys-kernel/gentoo-soures package)[a].
I dropped a note about your question on the IRC channel #gentoo-hardened on
freenode[b] and got mostly instant responses from people telling they run
SELinux fine on Gentoo (so it seems you're right and only our docs are a
bit dusty) -- you might want to ask there for details ;-)
I'm top-posting here and Cc'ing one of the gentoo devs maintaing SELinux,
so he get's your original question aswell (he hasn't subscribed to this
list).
hope this helps and from my side also a warm welcome to Gentoo!
[a] side note: it's similar to archs default kernel mostly vanilla upstream
only with security or bugfix patches and optional patches for
convenience, e.g. -march=native or systemd vs openrc.
[b] https://webchat.freenode.net/
Am Dienstag, 7. April 2020, 06:40:30 CEST schrieb Ihor Antonov:
> Hi everyone,
>
> I am very new to Gentoo and I am currently migrating from Arch.
> Gentoo attracts me with a freedom of system configuration and with
> multiple supported architectures.
>
> I was attracted by Hardened profile described at [1][2][3]
> But reading [1] I also got confused because it looks like it is no longer
> maintained.
>
> So the question is it just outdated wiki page? Is anyone using Hardened
> profile? Is it maintained? In Archlinux SELinux is not supported
> officially so this is why I am looking around.
>
> Thanks/
>
> [1] https://wiki.gentoo.org/wiki/Project:Hardened[1]
> [2] https://wiki.gentoo.org/wiki/Hardened/FAQ[2]
> [3] https://wiki.gentoo.org/wiki/Hardened_Gentoo[3]
--
PGP fingerprint: '00EF D31F 1B60 D5DB ADB8 31C1 C0EC E696 0E54 475B'
keybase.io/nfreydank
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 963 bytes --]
prev parent reply other threads:[~2020-04-09 13:42 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-07 4:40 [gentoo-user] Is Hardened profile and SELinux support active? Ihor Antonov
2020-04-08 11:54 ` Michael
2020-04-08 16:59 ` Tully Gray
2020-04-09 13:42 ` Nils Freydank [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2164631.ElGaqSPkdT@pygoscelis \
--to=nils.freydank@posteo.de \
--cc=gentoo-user@lists.gentoo.org \
--cc=perfinion@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox