|
Lines 154-160
Link Here
|
| 154 |
</section> |
154 |
</section> |
| 155 |
|
155 |
|
| 156 |
<section> |
156 |
<section> |
| 157 |
<title>For servers: hardened-sources and hardened-dev-sources</title> |
157 |
<title>For servers: hardened-sources, hardened-dev-sources and |
|
|
158 |
rsbac-sources</title> |
| 158 |
<body> |
159 |
<body> |
| 159 |
|
160 |
|
| 160 |
<p> |
161 |
<p> |
|
Lines 171-183
Link Here
|
| 171 |
</p> |
172 |
</p> |
| 172 |
|
173 |
|
| 173 |
<p> |
174 |
<p> |
| 174 |
The following USE-flags can be set to select optional patches: |
175 |
<c>rsbac-sources</c> contains patches to use Rule Set Based Access Controls |
|
|
176 |
(RSBAC) and comes in 2.4 and 2.6 flavours. It is maintained by the |
| 177 |
<uri link="/proj/en/hardened/rsbac/">RSBAC project</uri>, a subproject of |
| 178 |
Gentoo Hardened. |
| 175 |
</p> |
179 |
</p> |
| 176 |
|
180 |
|
| 177 |
<table> |
181 |
<impo> |
| 178 |
<tr><th>Flags</th><th>Description</th></tr> |
182 |
These kernels provide powerful patches for enhanced security. Please read the |
| 179 |
<tr><ti>selinux</ti><ti>Substitute grSecurity with SELinux support</ti></tr> |
183 |
<uri link="/proj/en/hardened/">documentation</uri> before you use them. |
| 180 |
</table> |
184 |
</impo> |
| 181 |
|
185 |
|
| 182 |
</body> |
186 |
</body> |
| 183 |
</section> |
187 |
</section> |
|
Lines 247-253
Link Here
|
| 247 |
<body> |
251 |
<body> |
| 248 |
|
252 |
|
| 249 |
<p> |
253 |
<p> |
| 250 |
The <c>mm-sources</c> are based on the <c>development-sources</c> and contain |
254 |
The <c>mm-sources</c> are based on the <c>vanilla-sources</c> and contain |
| 251 |
Andrew Morton's patch set. They include the experimental and bleeding-edge |
255 |
Andrew Morton's patch set. They include the experimental and bleeding-edge |
| 252 |
features that are going to be included in the official kernel (or that are |
256 |
features that are going to be included in the official kernel (or that are |
| 253 |
going to be rejected because they set your box on fire). They are known to be |
257 |
going to be rejected because they set your box on fire). They are known to be |
|
Lines 257-263
Link Here
|
| 257 |
|
261 |
|
| 258 |
<p> |
262 |
<p> |
| 259 |
If you really want to live on the edge and you think |
263 |
If you really want to live on the edge and you think |
| 260 |
<c>development-sources</c> are for wussies, then try out |
264 |
<c>vanilla-sources</c> are for wussies, then try out |
| 261 |
<c>mm-sources</c>. Be warned that this kernel is highly experimental and |
265 |
<c>mm-sources</c>. Be warned that this kernel is highly experimental and |
| 262 |
doesn't always work as expected. |
266 |
doesn't always work as expected. |
| 263 |
</p> |
267 |
</p> |
|
Lines 277-294
Link Here
|
| 277 |
</body> |
281 |
</body> |
| 278 |
</section> |
282 |
</section> |
| 279 |
<section> |
283 |
<section> |
| 280 |
<title>selinux-sources</title> |
|
|
| 281 |
<body> |
| 282 |
|
| 283 |
<p> |
| 284 |
<c>selinux-sources</c> from <uri>http://www.nsa.gov/selinux</uri> are |
| 285 |
patches for the security conscious to support the LSM (Linux Security |
| 286 |
Modules) and the Flask Security Architecture. |
| 287 |
</p> |
| 288 |
|
| 289 |
</body> |
| 290 |
</section> |
| 291 |
<section> |
| 292 |
<title>usermode-sources</title> |
284 |
<title>usermode-sources</title> |
| 293 |
<body> |
285 |
<body> |
| 294 |
|
286 |
|
|
Lines 408-414
Link Here
|
| 408 |
|
400 |
|
| 409 |
<p> |
401 |
<p> |
| 410 |
<c>selinux-sources</c>, a 2.4 kernel including lots of security enhancements, |
402 |
<c>selinux-sources</c>, a 2.4 kernel including lots of security enhancements, |
| 411 |
has been obseleted by security development in the 2.6 tree. |
403 |
has been obseleted by security development in the 2.6 tree. SELinux |
|
|
404 |
functionality can be found in the <c>hardened-sources</c> and |
| 405 |
<c>hardened-dev-sources</c> packages. |
| 412 |
</p> |
406 |
</p> |
| 413 |
|
407 |
|
| 414 |
</body> |
408 |
</body> |
