* [gentoo-user] Is Hardened profile and SELinux support active?
@ 2020-04-07 4:40 Ihor Antonov
2020-04-08 11:54 ` Michael
2020-04-09 13:42 ` Nils Freydank
0 siblings, 2 replies; 4+ messages in thread
From: Ihor Antonov @ 2020-04-07 4:40 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 880 bytes --]
Hi everyone,
I am very new to Gentoo and I am currently migrating from Arch.
Gentoo attracts me with a freedom of system configuration and with multiple supported
architectures.
I was attracted by Hardened profile described at [1][2][3]
But reading [1] I also got confused because it looks like it is no longer maintained.
So the question is it just outdated wiki page? Is anyone using Hardened profile? Is it
maintained? In Archlinux SELinux is not supported officially so this is why I am looking
around.
Thanks/
[1] https://wiki.gentoo.org/wiki/Project:Hardened[1]
[2] https://wiki.gentoo.org/wiki/Hardened/FAQ[2]
[3] https://wiki.gentoo.org/wiki/Hardened_Gentoo[3]
--
Ihor Antonov
https://useplaintext.email
--------
[1] https://wiki.gentoo.org/wiki/Project:Hardened
[2] https://wiki.gentoo.org/wiki/Hardened/FAQ
[3] https://wiki.gentoo.org/wiki/Hardened_Gentoo
[-- Attachment #2: Type: text/html, Size: 4172 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-user] Is Hardened profile and SELinux support active?
2020-04-07 4:40 [gentoo-user] Is Hardened profile and SELinux support active? Ihor Antonov
@ 2020-04-08 11:54 ` Michael
2020-04-08 16:59 ` Tully Gray
2020-04-09 13:42 ` Nils Freydank
1 sibling, 1 reply; 4+ messages in thread
From: Michael @ 2020-04-08 11:54 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 1215 bytes --]
Hi Ihor, welcome to Gentoo. :-)
On Tuesday, 7 April 2020 05:40:30 BST Ihor Antonov wrote:
> Hi everyone,
>
> I am very new to Gentoo and I am currently migrating from Arch.
> Gentoo attracts me with a freedom of system configuration and with multiple
> supported architectures.
>
> I was attracted by Hardened profile described at [1][2][3]
> But reading [1] I also got confused because it looks like it is no longer
> maintained.
>
> So the question is it just outdated wiki page? Is anyone using Hardened
> profile? Is it maintained? In Archlinux SELinux is not supported officially
> so this is why I am looking around.
>
> Thanks/
>
> [1] https://wiki.gentoo.org/wiki/Project:Hardened[1]
> [2] https://wiki.gentoo.org/wiki/Hardened/FAQ[2]
> [3] https://wiki.gentoo.org/wiki/Hardened_Gentoo[3]
I have never used a Hardened profile and have not followed up what happened
after the GRSecurity developer abandoned his code development.[1]
https://grsecurity.net/passing_the_baton
Someone else could comment on the future of Gentoo Hardened, but I am posting
this message having noticed your message may have not made it through to some
recipients (the dreaded DMARC caused a DKIM header failure again).
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: [gentoo-user] Is Hardened profile and SELinux support active?
2020-04-08 11:54 ` Michael
@ 2020-04-08 16:59 ` Tully Gray
0 siblings, 0 replies; 4+ messages in thread
From: Tully Gray @ 2020-04-08 16:59 UTC (permalink / raw
To: gentoo-user@lists.gentoo.org
>> Hi everyone,
>>
>> I am very new to Gentoo and I am currently migrating from Arch.
>> Gentoo attracts me with a freedom of system configuration and with multiple
>> supported architectures.
>>
>> I was attracted by Hardened profile described at [1][2][3]
>> But reading [1] I also got confused because it looks like it is no longer
>> maintained.
>>
>> So the question is it just outdated wiki page? Is anyone using Hardened
>> profile? Is it maintained? In Archlinux SELinux is not supported officially
>> so this is why I am looking around.
>>
>> Thanks/
>>
>> [1] https://wiki.gentoo.org/wiki/Project:Hardened[1]
>> [2] https://wiki.gentoo.org/wiki/Hardened/FAQ[2]
>> [3] https://wiki.gentoo.org/wiki/Hardened_Gentoo[3]
>I have never used a Hardened profile and have not followed up what happened
>after the GRSecurity developer abandoned his code development.[1]
>https://grsecurity.net/passing_the_baton
>Someone else could comment on the future of Gentoo Hardened, but I am posting
>this message having noticed your message may have not made it through to some
>recipients (the dreaded DMARC caused a DKIM header failure again).
I have fairly recently (in the last six months) converted my Gentoo systems to
use SELinux. The process was relatively painless and the quality of the
documentation was very good. Already in this short period of time I have
updated all systems with a new SELinux policy. Portage (Gentoo's package
manager) appears to handle policy updates quite well and the update took place
without any major problems. The main dev responsible of SELinux on Gentoo is
approachable and knowledgeable.
I'd say that SELinux on Gentoo seems to be in rather good health!
Tully.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [gentoo-user] Is Hardened profile and SELinux support active?
2020-04-07 4:40 [gentoo-user] Is Hardened profile and SELinux support active? Ihor Antonov
2020-04-08 11:54 ` Michael
@ 2020-04-09 13:42 ` Nils Freydank
1 sibling, 0 replies; 4+ messages in thread
From: Nils Freydank @ 2020-04-09 13:42 UTC (permalink / raw
To: gentoo-user; +Cc: perfinion
[-- Attachment #1: Type: text/plain, Size: 1843 bytes --]
Hi Ihor,
myself I use only hardened profiles without SELinux on my machines, and
AFAICT it mostly boils down *this* way to some default toolchain flags for
C/C++ and a nearly-default kernel (sys-kernel/gentoo-soures package)[a].
I dropped a note about your question on the IRC channel #gentoo-hardened on
freenode[b] and got mostly instant responses from people telling they run
SELinux fine on Gentoo (so it seems you're right and only our docs are a
bit dusty) -- you might want to ask there for details ;-)
I'm top-posting here and Cc'ing one of the gentoo devs maintaing SELinux,
so he get's your original question aswell (he hasn't subscribed to this
list).
hope this helps and from my side also a warm welcome to Gentoo!
[a] side note: it's similar to archs default kernel mostly vanilla upstream
only with security or bugfix patches and optional patches for
convenience, e.g. -march=native or systemd vs openrc.
[b] https://webchat.freenode.net/
Am Dienstag, 7. April 2020, 06:40:30 CEST schrieb Ihor Antonov:
> Hi everyone,
>
> I am very new to Gentoo and I am currently migrating from Arch.
> Gentoo attracts me with a freedom of system configuration and with
> multiple supported architectures.
>
> I was attracted by Hardened profile described at [1][2][3]
> But reading [1] I also got confused because it looks like it is no longer
> maintained.
>
> So the question is it just outdated wiki page? Is anyone using Hardened
> profile? Is it maintained? In Archlinux SELinux is not supported
> officially so this is why I am looking around.
>
> Thanks/
>
> [1] https://wiki.gentoo.org/wiki/Project:Hardened[1]
> [2] https://wiki.gentoo.org/wiki/Hardened/FAQ[2]
> [3] https://wiki.gentoo.org/wiki/Hardened_Gentoo[3]
--
PGP fingerprint: '00EF D31F 1B60 D5DB ADB8 31C1 C0EC E696 0E54 475B'
keybase.io/nfreydank
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 963 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-04-09 13:42 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-04-07 4:40 [gentoo-user] Is Hardened profile and SELinux support active? Ihor Antonov
2020-04-08 11:54 ` Michael
2020-04-08 16:59 ` Tully Gray
2020-04-09 13:42 ` Nils Freydank
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox