Hi hardened users,

Currently, when configuring the hardened kernel, the user is presented with some predefined Security Levels (Security options -> Grsecurity -> Security Level). Four of these are set by Gentoo:

    Hardened Gentoo [server]
    Hardened Gentoo [server no rbac]
    Hardened Gentoo [workstation]
    Hardened Gentoo [workstation no rbac]

These are defined so as to maximize security while minimizing breakage with Gentoo software. I'm proposing to change this to

    Hardened Gentoo [server]
    Hardened Gentoo [workstation or virtualization host]

One change will be to remove the "no rbac" option, which is easily turned on/off at Security options -> Grsecurity -> Role Based Access Control Options -> Disable RBAC system. The default will be on (i.e. do not disable rbac). Even if the user doesn't want to use RBAC and still enables it, there is no harm done since RBAC will simply be available but not used unless turned on by gradm.

The other change will be to add a "virtualization host" option. Currently these settings are identical to the workstation and so are coalesced, but may change. I am trying to make the hardened kernel compatible with VirtualBox and kvm, but there are some security settings which will most likely *always* break virtualization and will need to be turned off.

This is work in progress and testing is appreciated. The ebuilds are on my overlay.

--
Anthony G. Basile, Ph.D.
Gentoo Developer