Bug 143917

Summary:	proposed patch for hardened-sources
Product:	Gentoo Linux	Reporter:	Sergio Bevilacqua <sergio.bevilacqua>
Component:	Hardened	Assignee:	The Gentoo Linux Hardened Team <hardened>
Status:	RESOLVED CANTFIX
Severity:	enhancement	CC:	sergio.bevilacqua
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	kernel patch

Description Sergio Bevilacqua 2006-08-14 12:15:08 UTC

i suggest some optimization for hardened-sources kernel series.
all of these optimizations are just increases of the default kernel parameters

i use these optimizations on my production-systems

Comment 1 Sergio Bevilacqua 2006-08-14 12:15:47 UTC

Created attachment 94261 [details, diff]
kernel patch

Comment 2 Sergio Bevilacqua 2006-08-14 12:18:09 UTC

these changes are documenter in the book "securing and optimizing linux" vol.3 by Gerhard Mourani

Comment 3 solar (RETIRED) gentoo-dev

2006-08-14 12:42:48 UTC

With 2.4.x these old changes used to be needed (when running an ircd) but with 
2.6.x I'm not so sure..

What can you not do via the ulimit command?
ulimit -n 8192 ; 
ulimit -OPTS ...

Comment 4 Sergio Bevilacqua 2006-11-19 14:25:55 UTC

only changes in include/linux/limits.h can be do via ulimit
not changes in include/linux/posix_types.h and include/linux/sem.h

Comment 5 Christian Heim (RETIRED) gentoo-dev

2007-04-29 15:46:26 UTC

(In reply to comment #4)
> only changes in include/linux/limits.h can be do via ulimit
> not changes in include/linux/posix_types.h and include/linux/sem.h

If you really need to change them, please do it locally. This isn't really a patch that belongs into the hardened patchset.