Talk:Hardened/Grsecurity2 Quickstart

From Gentoo Wiki

Missing kernel options

Talk status
This discussion is still ongoing.

During configuration of sys-kernel/hardened-sources-3.11.7-r1 for an x64 virtual machine, I've noticed that these kernel options don't exist anymore:

CONFIG_GRKERNSEC_AUDIT_IPC
CONFIG_GRKERNSEC_AUDIT_TEXTREL
CONFIG_GRKERNSEC_EXECVE
CONFIG_GRKERNSEC_RANDPID
CONFIG_GRKERNSEC_RANDID
CONFIG_GRKERNSEC_RANDSRC
CONFIG_GRKERNSEC_RANDRPC

Maybe an update to the Wiki page is needed?

Besides that, I've noticed new options that should also be on the Wiki page:

CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_SYSCTL_ON=y

The first one enables the ability to change /proc/sys/kernel/grsecurity/*, and the second one enables everything by default, without the need to write things like this to /etc/sysctl.conf:

kernel.grsecurity.chroot_deny_sysctl = 1
kernel.grsecurity.chroot_caps = 1

Hope this will be helpful. — The preceding unsigned comment was added by Stan31337 (talk • contribs)