[rsbac] DAZ on Gentoo
Daniel Cegielka
daniel.cegielka at gmail.com
Mon Nov 17 16:46:49 CET 2008
>> So we must write ebuild alone? ;)
>>
>> daniel
>>
>> _______________________________________________
>> rsbac mailing list
>> rsbac at rsbac.org
>> http://www.rsbac.org/mailman/listinfo/rsbac
> I'm not part of it anymore, so I can't update things on it. I can help
> you if you need some support with RSBAC or making the RSBAC ebuilds.
> The hardened herd is looking for volunters to support various parts of
> the project (not only RSBAC, but the toolchain, etc. it's a bit lagging
> behind at the moment)
>
Now I write my own version of base ebulids based on Owl's security
solutions (http://www.openwall.com): for glibc with blowfish
(crypt_gensalt) support and many others patches from openwall, owl's
verion vixie-cron, nc, shadow with tcb... etc... etc... Gentoo must keep
support for all solutions - not only for security way (like openbsd or
owl), so I think they dont't accept this ideas.
> Anyway, this is a bit out of topic for this mailing-list. Best is that
> you use rsbac.org kernels (and probably, add up the pax patch). These
> ebuilds barely unpack and patch a kernel into /usr/src/xxxx, so
> unpacking your own there isnt a big difference anyway. Just remember to
> upgrade it and cleanup the directories when you switch to a new one ^^
>
> The tools ebuild can be version bumped and re-emerged for updates, it
> should work flawlessly at the moment
>
> kang
I try to write this rsbac-{sources,admin}.ebuild at the weekend, but I'm
afraid that there is no stable vesrion od PaX. Maybe I'm blind, but I
see only development PaX-patches (for 2.27):
http://pax.grsecurity.org/test.php
daniel cegielka
More information about the rsbac
mailing list