sfaulborn at web.de
Wed Jul 26 06:21:43 PDT 2006
>On July 24, 2006 04:45 pm, Osor wrote:
>> Are we ever going to put in gradm and some policies, or is that beyond the
>> scope of this book?
>Yes, but it keeps getting postponed. It would be nice to have gradm rules for
I also think we should add gradm. After all one of the most important security
features (RBAC) cannot be activated without it. There is no need to have
rules - gradm generates them automatically (although you might want to
change some of them manually). That's one of the major advantages of
grsecurity over other security systems (such as SELINUX).
Also don't forget to also add chpax (or at least mention it somewhere in the
book!). It's needed when you want to change PAX settings for precompiled
binaries which don't use the new PAX style ELF headers (eg. Java,
precompiled MySQL, etc.)
More information about the hlfs-dev