It would be great if you could include the SKAS patch for UML (user mode
linux) and the POSIX capabilities CAP_INIT_INH_SET patch in
hardened-sources, which contains almost anything I need (vanilla + security patches)
with nearly as little bloat as possible (the only major patch is grsecurity). If
you'd include those two patches, I could stop maintaining my own kernel source.
The SKAS patch is needed for UML to run in SKAS (Separate Kernel Address
Space) mode, which increases security and performance (see also ). It can
be deactivated in the kernel config.
The POSIX capabilities CAP_INIT_INH_SET patch is needed to use POSIX
capabilities on a system with an unpatched SysV init (i.e. a normal Gentoo
system). It sets the Inheritable flag for all capabilities of the init
process (see also bug #5818). On a system not explicitly changing
/proc/sys/kernel/cap-bound (and thus activating POSIX capabilities), this has
no real effect. See [4,5] for more details.
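The comment above describes what the patch changes: the Inheritable capability set of the init process. Whether that set is actually non-empty on a running system can be read from the `CapInh:` line of `/proc/1/status`. The following is an added example, not code from the bug report or from the patch; it parses a status file (a constructed sample is embedded so it runs offline) and also looks at the real PID 1 when `/proc/1/status` exists. Function names are this example's own.

```sh
#!/bin/sh
# Added example (not from the bug thread): inspect the Inheritable
# capability set that /proc/PID/status reports for a process.
# The CAP_INIT_INH_SET patch discussed above sets this set for init (PID 1).

# cap_inh_hex STATUS_FILE
#   Print the hexadecimal CapInh mask from a /proc/PID/status-style file.
cap_inh_hex() {
    awk '/^CapInh:/ { print $2; exit }' "$1"
}

# cap_inh_is_empty STATUS_FILE
#   Exit 0 if the CapInh mask is all zeros (nothing is inherited),
#   1 if at least one capability bit is set,
#   2 if the file has no CapInh line at all.
cap_inh_is_empty() {
    mask=$(cap_inh_hex "$1")
    [ -n "$mask" ] || return 2
    case "$mask" in
        *[!0]*) return 1 ;;   # some non-zero digit: inheritable set is non-empty
        *)      return 0 ;;   # only zeros
    esac
}

# report_cap_inh STATUS_FILE
#   Print a one-line human-readable verdict for the given status file.
report_cap_inh() {
    if cap_inh_is_empty "$1"; then
        echo "$1: inheritable set empty (capabilities will not be inherited)"
    elif [ $? -eq 1 ]; then
        echo "$1: inheritable set is $(cap_inh_hex "$1") (non-empty)"
    else
        echo "$1: no CapInh line found"
    fi
}

# Constructed sample status files (not real system output) so the example
# runs on any host; the masks below are made-up values for illustration.
sample_dir=$(mktemp -d)
printf 'Name:\tinit\nPid:\t1\nCapInh:\t0000000000000000\n' > "$sample_dir/status-plain"
printf 'Name:\tinit\nPid:\t1\nCapInh:\t00000000fffffeff\n' > "$sample_dir/status-patched"

report_cap_inh "$sample_dir/status-plain"
report_cap_inh "$sample_dir/status-patched"

# On a Linux host, also look at the real init process.
if [ -r /proc/1/status ]; then
    report_cap_inh /proc/1/status
fi
rm -rf "$sample_dir"
```

On a system where the Inheritable set of PID 1 is empty, no capability can be passed down to services it starts, which is exactly the situation the patch (or a capability-aware init) is meant to change.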
*** Bug 132124 has been marked as a duplicate of this bug. ***
POSIX capabilities support has been added to sysvinit, so we don't need the kernel patch (linux-2.6.9-enable_caps.patch) anymore.
loop-AES support would be great, though, since it plugs several design mistakes of cryptoloop and dm-crypt (but still supports their on-disk formats, so it's nearly a drop-in replacement). The current stable sys-apps/util-linux will include loop-AES support instead of cryptoloop support unless you set USE=old-crypt, BTW.
There's already a loop-AES module ebuild in the tree, but it needs to be rebuilt every time the kernel is updated. Up to now I could save myself that hassle. There's no tool to do it automatically and at least for those damned nvidia drivers on my workstation, I tend to forget it almost every time.
The chances of this being included in hardened-sources are slim.. Another unique set of sources would be more suited.
(In reply to comment #3)
> The chances of this being included in hardened-sources are slim.. Another
> unique set of sources would be more suited.
I don't see a chance here either.