Switch to Gentoo sources
by Sven Vermeulen, post on Tue 22 August 2017You've might already read it on the Gentoo news site, the Hardened Linux kernel sources are removed from the tree due to the grsecurity change where the grsecurity Linux kernel patches are no longer provided for free. The decision was made due to supportability and maintainability reasons.
That doesn't mean that users who want to stick with the grsecurity related hardening features are left alone. Agostino Sarubbo has started providing sys-kernel/grsecurity-sources for the users who want to stick with it, as it is based on minipli's unofficial patchset. I seriously hope that the patchset will continue to be maintained and, who knows, even evolve further.
Personally though, I'm switching to the Gentoo sources, and stick with SELinux as one of the protection measures. And with that, I might even start using my NVidia graphics card a bit more, as that one hasn't been touched in several years (I have an Optimus-capable setup with both an Intel integrated graphics card and an NVidia one, but all attempts to use nouveau for the one game I like to play - minecraft - didn't work out that well).
Handling certificates in Gentoo Linux
by Sven Vermeulen, post on Mon 06 March 2017I recently created a new article on the Gentoo Wiki titled Certificates which talks about how to handle certificate stores on Gentoo Linux. The write-up of the article (which might still change name later, because it does not handle everything about certificates, mostly how to handle certificate stores) was inspired by the observation that I had to adjust the certificate stores of both Chromium and Firefox separately, even though they both use NSS.
Custom CIL SELinux policies in Gentoo
by Sven Vermeulen, post on Thu 10 September 2015In Gentoo, we have been supporting custom policy packages for a while now. Unlike most other distributions, which focus on binary packages, Gentoo has always supported source-based packages as default (although binary packages are supported as well).
A recent commit now also allows CIL files to be used.
Maintaining packages and backporting
by Sven Vermeulen, post on Wed 02 September 2015A few days ago I committed a small update to policycoreutils
, a SELinux related
package that provides most of the management utilities for SELinux systems. The
fix was to get two patches (which are committed upstream) into the existing
release so that our users can benefit from the fixed issues without having to
wait for a new release.
Slowly converting from GuideXML to HTML
by Sven Vermeulen, post on Tue 25 August 2015Gentoo has removed its support of the older GuideXML format in favor of using the Gentoo Wiki and a new content management system for the main site (or is it static pages, I don't have the faintest idea to be honest). I do still have a few GuideXML pages in my development space, which I am going to move to HTML pretty soon.
In order to do so, I make use of the guidexml2wiki stylesheet I developed. But instead of migrating it to wiki syntax, I want to end with HTML.
Finding a good compression utility
by Sven Vermeulen, post on Thu 13 August 2015I recently came across a wiki page
written by Herman Brule
which gives a quick benchmark on a couple of compression methods / algorithms.
It gave me the idea of writing a quick script that tests out a wide number of
compression utilities available in Gentoo (usually through the app-arch
category), with also a number of options (in case multiple options are
possible).
Live SELinux userspace ebuilds
by Sven Vermeulen, post on Wed 10 June 2015In between courses, I pushed out live ebuilds for the SELinux userspace applications: libselinux, policycoreutils, libsemanage, libsepol, sepolgen, checkpolicy and secilc. These live ebuilds (with Gentoo version 9999) pull in the current development code of the SELinux userspace so that developers and contributors can already work with in-progress code developments as well as see how they work on a Gentoo platform.
Moving closer to 2.4 stabilization
by Sven Vermeulen, post on Mon 27 April 2015The SELinux userspace project has released version 2.4 in february this year, after release candidates have been tested for half a year. After its release, we at the Gentoo Hardened project have been working hard to integrate it within Gentoo. This effort has been made a bit more difficult …
Trying out Pelican, part one
by Sven Vermeulen, post on Fri 06 March 2015One of the goals I've set myself to do this year (not as a new year resolution though, I *really* want to accomplish this ;-) is to move my blog from Wordpress to a statically built website. And Pelican looks to be a good solution to do so. It's based on …
Have dhcpcd wait before backgrounding
by Sven Vermeulen, post on Sun 08 February 2015Many of my systems use DHCP for obtaining IP addresses. Even though they all receive a static IP address, it allows me to have them moved over (migrations), use TFTP boot, cloning (in case of quick testing), etc. But one of the things that was making my efforts somewhat more …