Talk:Hardened/Grsecurity2 Quickstart

From Gentoo Wiki
Jump to: navigation, search
Note
This is a MediaWiki talk page. Please add newer comments below older ones, and sign your comments using four tildes (~~~~). When adding a new section (at the bottom of the page), please mark it as "open for discussion" by using {{talk|open}} so it will show up in the list of open discussions.

Missing kernel options

Talk status
This discussion is still ongoing.

During configuration of sys-kernel/hardened-sources-3.11.7-r1 for x64 virtual machine I've noticed that these kernel options don't exist anymore:

CONFIG_GRKERNSEC_AUDIT_IPC
CONFIG_GRKERNSEC_AUDIT_TEXTREL
CONFIG_GRKERNSEC_EXECVE
CONFIG_GRKERNSEC_RANDPID
CONFIG_GRKERNSEC_RANDID
CONFIG_GRKERNSEC_RANDSRC
CONFIG_GRKERNSEC_RANDRPC

Maybe an update to Wiki page needed?

Besides that I've noticed new options, that should be on Wiki page also:

CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_SYSCTL_ON=y

First one enables the ability to change /proc/sys/kernel/grsecurity/*, and the second one enables everything by default without the need to write to /etc/sysctl.conf things like:

kernel.grsecurity.chroot_deny_sysctl = 1
kernel.grsecurity.chroot_caps = 1

Hope this will be helpful. — The preceding unsigned comment was added by Stan31337 (talkcontribs)