Hi, two issues with the Gentoo Linux Kernel Guide: 1. Under "Supported kernel packages", "For servers[...]" the guide states that the user can set the selinux USE-flag to enable optional patches. As far as I understand it the user must not set the selinux USE-flag, this is done by the profile. Ar least that's what euse is telling me. 2. rsbac-sources are(is?) missing from "Supported kernel packages". I thought they were supported because they are part of the hardened project? They're just referenced at "Previously provided kernel packages" as the successor of rsbac-dev-sources. Reproducible: Always Steps to Reproduce: On an additional note, how can I help in documentation bug reports. Propose the changes in "written words", a patch maybe? Something else? Thanks for your time, max
if you _really_ want to be helpful, you can learn guideXML and propose patches: http://www.gentoo.org/doc/en/xml-guide.xml and http://www.gentoo.org/proj/en/gdp/doc/doc-tipsntricks.xml #gentoo-hardened (specifically r2d2 and spb) says that you are correct, with one minor addition. rsbac-sources isn't maintained by the normal kernel maintainers. it is maintained by the rsbac subproject of the top level project hardened. i can either patch the doc to say this or can take a look at your patch (after you read those rather lengthy pages) thanks for filing
sorry, that last post was slightly unclear. would you like me to patch it or would you like to take a shot at it?
Well, I don't have a patch ready, but I'll try. But first I have to sleep now, it's quite late here. So if you want this fast, it is probably better to do this yourself. Good night, max
its ok if it takes a little while. it will be worth it for you to learn and be able to patch future docs if you find problems with them. (that is, if you are at all interested in doing so. if not, just say so and i will patch it myself)
Created attachment 58361 [details, diff] gentoo-kernel.diff Okay, I tried it, please have a look at it. Don't know if I got the word-wrapping right and looking at the test html file, the font size seems to big? Thank you, max
actually, i only have a few comments: 1. please wrap text to 80 characters/line 2. include information about selinux-sources 3. include the fact that hardened kernels of any sort should only be used it you have a hardened profile or _really_ know what you are doing. 4. it might also be appropiate to mention that 2.6 kernels are masked by default in hardened profiles. *-dev-sources are also no longer supported, so users have to unmask by hand if they want to use 2.6 overall, though, good.
Created attachment 58492 [details, diff] updated patch > 2. include information about selinux-sources Uhm, they're not in portage anymore. I removed them from "Unsupported kernel packeges" and added some snippets at the end. > 3. include the fact that hardened kernels of any sort should only be used it you have a hardened profile or _really_ know what you are doing. Do you think the stuff in the <impo> tags is sufficient? > 4. it might also be appropiate to mention that 2.6 kernels are masked by default in hardened profiles. *-dev-sources are also no longer supported, so users have to unmask by hand if they want to use 2.6 Wouldn't it be better to leave that to the hardened docu? If not, shouldn't hardened-dev-sources be removed from the guide? Oh, and mm-sources still refered to development-sources, I changed that to vanilla-sources. thanks, max
looks great. thanks for filing and submitting. swift, i recomend committing.
*** Bug 92143 has been marked as a duplicate of this bug. ***
In CVS. Thanks a lot for your patch.
