What to do with old 1) profiles and 2) kernels
On 14/06/2012 17:04, "Paweł Hajdan, Jr." wrote:
> On 6/14/12 4:51 PM, Anthony G. Basile wrote:
>> 1) We still have the old 10.0 hardened profiles on the tree. They've
>> been marked deprecated for about two years and I have no idea what state
>> they're in. I'm going to punt them in a day unless someone gives me a
>> really good reason to keep them.
>
> If you have some more time (maybe later) it would be nice to restructure
> the profiles so that hardened bits are in profiles/features, to allow
> e.g. easy creation of hardened-developer profile.

I create my own: /usr/local/portage/profiles/myname/xxx
And in there I create my own sub profiles for all my linux-vserver builds.

Actually, there isn't anything I currently need splitting out of the
current profiles, so not quite sure what I'm +1-ing, but I guess more to
raise awareness that this is quite easy and works extremely nicely.

Oh, as an aside, I have settled on linux-vservers+grsec+pax as my tool
of choice for servers (I guess that's roughly a hardened kernel +
linux-vserver). I find that vservers are extremely lightweight and easy
to maintain and the hardened stuff makes me sleep a little easier (the
linux-vserver code already includes all the important restrictions to
make it hard to escape from chroots, the grsec/patch parts for that are
unnecessary). I would recommend that solution to anyone with a server